Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 141 |
1 files changed, 77 insertions, 64 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 5743c2c41..c22477f59 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -93,7 +93,7 @@ char *xxx_host; | |||
93 | struct sockaddr *xxx_hostaddr; | 93 | struct sockaddr *xxx_hostaddr; |
94 | 94 | ||
95 | static int | 95 | static int |
96 | verify_host_key_callback(Key *hostkey, struct ssh *ssh) | 96 | verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) |
97 | { | 97 | { |
98 | if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) | 98 | if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) |
99 | fatal("Host key verification failed."); | 99 | fatal("Host key verification failed."); |
@@ -267,7 +267,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
267 | } | 267 | } |
268 | #endif | 268 | #endif |
269 | 269 | ||
270 | dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); | 270 | ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done); |
271 | 271 | ||
272 | /* remove ext-info from the KEX proposals for rekeying */ | 272 | /* remove ext-info from the KEX proposals for rekeying */ |
273 | myproposal[PROPOSAL_KEX_ALGS] = | 273 | myproposal[PROPOSAL_KEX_ALGS] = |
@@ -347,16 +347,16 @@ struct cauthmethod { | |||
347 | int *batch_flag; /* flag in option struct that disables method */ | 347 | int *batch_flag; /* flag in option struct that disables method */ |
348 | }; | 348 | }; |
349 | 349 | ||
350 | int input_userauth_service_accept(int, u_int32_t, void *); | 350 | int input_userauth_service_accept(int, u_int32_t, struct ssh *); |
351 | int input_userauth_ext_info(int, u_int32_t, void *); | 351 | int input_userauth_ext_info(int, u_int32_t, struct ssh *); |
352 | int input_userauth_success(int, u_int32_t, void *); | 352 | int input_userauth_success(int, u_int32_t, struct ssh *); |
353 | int input_userauth_success_unexpected(int, u_int32_t, void *); | 353 | int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); |
354 | int input_userauth_failure(int, u_int32_t, void *); | 354 | int input_userauth_failure(int, u_int32_t, struct ssh *); |
355 | int input_userauth_banner(int, u_int32_t, void *); | 355 | int input_userauth_banner(int, u_int32_t, struct ssh *); |
356 | int input_userauth_error(int, u_int32_t, void *); | 356 | int input_userauth_error(int, u_int32_t, struct ssh *); |
357 | int input_userauth_info_req(int, u_int32_t, void *); | 357 | int input_userauth_info_req(int, u_int32_t, struct ssh *); |
358 | int input_userauth_pk_ok(int, u_int32_t, void *); | 358 | int input_userauth_pk_ok(int, u_int32_t, struct ssh *); |
359 | int input_userauth_passwd_changereq(int, u_int32_t, void *); | 359 | int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *); |
360 | 360 | ||
361 | int userauth_none(Authctxt *); | 361 | int userauth_none(Authctxt *); |
362 | int userauth_pubkey(Authctxt *); | 362 | int userauth_pubkey(Authctxt *); |
@@ -366,11 +366,11 @@ int userauth_hostbased(Authctxt *); | |||
366 | 366 | ||
367 | #ifdef GSSAPI | 367 | #ifdef GSSAPI |
368 | int userauth_gssapi(Authctxt *authctxt); | 368 | int userauth_gssapi(Authctxt *authctxt); |
369 | int input_gssapi_response(int type, u_int32_t, void *); | 369 | int input_gssapi_response(int type, u_int32_t, struct ssh *); |
370 | int input_gssapi_token(int type, u_int32_t, void *); | 370 | int input_gssapi_token(int type, u_int32_t, struct ssh *); |
371 | int input_gssapi_hash(int type, u_int32_t, void *); | 371 | int input_gssapi_hash(int type, u_int32_t, struct ssh *); |
372 | int input_gssapi_error(int, u_int32_t, void *); | 372 | int input_gssapi_error(int, u_int32_t, struct ssh *); |
373 | int input_gssapi_errtok(int, u_int32_t, void *); | 373 | int input_gssapi_errtok(int, u_int32_t, struct ssh *); |
374 | int userauth_gsskeyex(Authctxt *authctxt); | 374 | int userauth_gsskeyex(Authctxt *authctxt); |
375 | #endif | 375 | #endif |
376 | 376 | ||
@@ -380,7 +380,7 @@ static int sign_and_send_pubkey(Authctxt *, Identity *); | |||
380 | static void pubkey_prepare(Authctxt *); | 380 | static void pubkey_prepare(Authctxt *); |
381 | static void pubkey_cleanup(Authctxt *); | 381 | static void pubkey_cleanup(Authctxt *); |
382 | static void pubkey_reset(Authctxt *); | 382 | static void pubkey_reset(Authctxt *); |
383 | static Key *load_identity_file(Identity *); | 383 | static struct sshkey *load_identity_file(Identity *); |
384 | 384 | ||
385 | static Authmethod *authmethod_get(char *authlist); | 385 | static Authmethod *authmethod_get(char *authlist); |
386 | static Authmethod *authmethod_lookup(const char *name); | 386 | static Authmethod *authmethod_lookup(const char *name); |
@@ -463,10 +463,12 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
463 | (r = sshpkt_send(ssh)) != 0) | 463 | (r = sshpkt_send(ssh)) != 0) |
464 | fatal("%s: %s", __func__, ssh_err(r)); | 464 | fatal("%s: %s", __func__, ssh_err(r)); |
465 | 465 | ||
466 | ssh->authctxt = &authctxt; | ||
466 | ssh_dispatch_init(ssh, &input_userauth_error); | 467 | ssh_dispatch_init(ssh, &input_userauth_error); |
467 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); | 468 | ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); |
468 | ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); | 469 | ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); |
469 | ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ | 470 | ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ |
471 | ssh->authctxt = NULL; | ||
470 | 472 | ||
471 | pubkey_cleanup(&authctxt); | 473 | pubkey_cleanup(&authctxt); |
472 | ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); | 474 | ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); |
@@ -478,10 +480,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
478 | 480 | ||
479 | /* ARGSUSED */ | 481 | /* ARGSUSED */ |
480 | int | 482 | int |
481 | input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) | 483 | input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) |
482 | { | 484 | { |
483 | Authctxt *authctxt = ctxt; | 485 | Authctxt *authctxt = ssh->authctxt; |
484 | struct ssh *ssh = active_state; | ||
485 | int r; | 486 | int r; |
486 | 487 | ||
487 | if (ssh_packet_remaining(ssh) > 0) { | 488 | if (ssh_packet_remaining(ssh) > 0) { |
@@ -512,9 +513,9 @@ input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) | |||
512 | 513 | ||
513 | /* ARGSUSED */ | 514 | /* ARGSUSED */ |
514 | int | 515 | int |
515 | input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt) | 516 | input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) |
516 | { | 517 | { |
517 | return kex_input_ext_info(type, seqnr, active_state); | 518 | return kex_input_ext_info(type, seqnr, ssh); |
518 | } | 519 | } |
519 | 520 | ||
520 | void | 521 | void |
@@ -534,7 +535,8 @@ userauth(Authctxt *authctxt, char *authlist) | |||
534 | for (;;) { | 535 | for (;;) { |
535 | Authmethod *method = authmethod_get(authlist); | 536 | Authmethod *method = authmethod_get(authlist); |
536 | if (method == NULL) | 537 | if (method == NULL) |
537 | fatal("Permission denied (%s).", authlist); | 538 | fatal("%s@%s: Permission denied (%s).", |
539 | authctxt->server_user, authctxt->host, authlist); | ||
538 | authctxt->method = method; | 540 | authctxt->method = method; |
539 | 541 | ||
540 | /* reset the per method handler */ | 542 | /* reset the per method handler */ |
@@ -554,7 +556,7 @@ userauth(Authctxt *authctxt, char *authlist) | |||
554 | 556 | ||
555 | /* ARGSUSED */ | 557 | /* ARGSUSED */ |
556 | int | 558 | int |
557 | input_userauth_error(int type, u_int32_t seq, void *ctxt) | 559 | input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) |
558 | { | 560 | { |
559 | fatal("input_userauth_error: bad message during authentication: " | 561 | fatal("input_userauth_error: bad message during authentication: " |
560 | "type %d", type); | 562 | "type %d", type); |
@@ -563,7 +565,7 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt) | |||
563 | 565 | ||
564 | /* ARGSUSED */ | 566 | /* ARGSUSED */ |
565 | int | 567 | int |
566 | input_userauth_banner(int type, u_int32_t seq, void *ctxt) | 568 | input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) |
567 | { | 569 | { |
568 | char *msg, *lang; | 570 | char *msg, *lang; |
569 | u_int len; | 571 | u_int len; |
@@ -580,9 +582,9 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) | |||
580 | 582 | ||
581 | /* ARGSUSED */ | 583 | /* ARGSUSED */ |
582 | int | 584 | int |
583 | input_userauth_success(int type, u_int32_t seq, void *ctxt) | 585 | input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) |
584 | { | 586 | { |
585 | Authctxt *authctxt = ctxt; | 587 | Authctxt *authctxt = ssh->authctxt; |
586 | 588 | ||
587 | if (authctxt == NULL) | 589 | if (authctxt == NULL) |
588 | fatal("input_userauth_success: no authentication context"); | 590 | fatal("input_userauth_success: no authentication context"); |
@@ -597,9 +599,9 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) | |||
597 | } | 599 | } |
598 | 600 | ||
599 | int | 601 | int |
600 | input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) | 602 | input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh) |
601 | { | 603 | { |
602 | Authctxt *authctxt = ctxt; | 604 | Authctxt *authctxt = ssh->authctxt; |
603 | 605 | ||
604 | if (authctxt == NULL) | 606 | if (authctxt == NULL) |
605 | fatal("%s: no authentication context", __func__); | 607 | fatal("%s: no authentication context", __func__); |
@@ -611,9 +613,9 @@ input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) | |||
611 | 613 | ||
612 | /* ARGSUSED */ | 614 | /* ARGSUSED */ |
613 | int | 615 | int |
614 | input_userauth_failure(int type, u_int32_t seq, void *ctxt) | 616 | input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) |
615 | { | 617 | { |
616 | Authctxt *authctxt = ctxt; | 618 | Authctxt *authctxt = ssh->authctxt; |
617 | char *authlist = NULL; | 619 | char *authlist = NULL; |
618 | int partial; | 620 | int partial; |
619 | 621 | ||
@@ -637,10 +639,10 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) | |||
637 | 639 | ||
638 | /* ARGSUSED */ | 640 | /* ARGSUSED */ |
639 | int | 641 | int |
640 | input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | 642 | input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) |
641 | { | 643 | { |
642 | Authctxt *authctxt = ctxt; | 644 | Authctxt *authctxt = ssh->authctxt; |
643 | Key *key = NULL; | 645 | struct sshkey *key = NULL; |
644 | Identity *id = NULL; | 646 | Identity *id = NULL; |
645 | Buffer b; | 647 | Buffer b; |
646 | int pktype, sent = 0; | 648 | int pktype, sent = 0; |
@@ -783,9 +785,9 @@ userauth_gssapi(Authctxt *authctxt) | |||
783 | } | 785 | } |
784 | 786 | ||
785 | static OM_uint32 | 787 | static OM_uint32 |
786 | process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) | 788 | process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) |
787 | { | 789 | { |
788 | Authctxt *authctxt = ctxt; | 790 | Authctxt *authctxt = ssh->authctxt; |
789 | Gssctxt *gssctxt = authctxt->methoddata; | 791 | Gssctxt *gssctxt = authctxt->methoddata; |
790 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 792 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
791 | gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; | 793 | gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; |
@@ -838,9 +840,9 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) | |||
838 | 840 | ||
839 | /* ARGSUSED */ | 841 | /* ARGSUSED */ |
840 | int | 842 | int |
841 | input_gssapi_response(int type, u_int32_t plen, void *ctxt) | 843 | input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) |
842 | { | 844 | { |
843 | Authctxt *authctxt = ctxt; | 845 | Authctxt *authctxt = ssh->authctxt; |
844 | Gssctxt *gssctxt; | 846 | Gssctxt *gssctxt; |
845 | u_int oidlen; | 847 | u_int oidlen; |
846 | u_char *oidv; | 848 | u_char *oidv; |
@@ -868,7 +870,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
868 | 870 | ||
869 | free(oidv); | 871 | free(oidv); |
870 | 872 | ||
871 | if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { | 873 | if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) { |
872 | /* Start again with next method on list */ | 874 | /* Start again with next method on list */ |
873 | debug("Trying to start again"); | 875 | debug("Trying to start again"); |
874 | userauth(authctxt, NULL); | 876 | userauth(authctxt, NULL); |
@@ -879,9 +881,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
879 | 881 | ||
880 | /* ARGSUSED */ | 882 | /* ARGSUSED */ |
881 | int | 883 | int |
882 | input_gssapi_token(int type, u_int32_t plen, void *ctxt) | 884 | input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) |
883 | { | 885 | { |
884 | Authctxt *authctxt = ctxt; | 886 | Authctxt *authctxt = ssh->authctxt; |
885 | gss_buffer_desc recv_tok; | 887 | gss_buffer_desc recv_tok; |
886 | OM_uint32 status; | 888 | OM_uint32 status; |
887 | u_int slen; | 889 | u_int slen; |
@@ -894,7 +896,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
894 | 896 | ||
895 | packet_check_eom(); | 897 | packet_check_eom(); |
896 | 898 | ||
897 | status = process_gssapi_token(ctxt, &recv_tok); | 899 | status = process_gssapi_token(ssh, &recv_tok); |
898 | 900 | ||
899 | free(recv_tok.value); | 901 | free(recv_tok.value); |
900 | 902 | ||
@@ -908,9 +910,9 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
908 | 910 | ||
909 | /* ARGSUSED */ | 911 | /* ARGSUSED */ |
910 | int | 912 | int |
911 | input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | 913 | input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) |
912 | { | 914 | { |
913 | Authctxt *authctxt = ctxt; | 915 | Authctxt *authctxt = ssh->authctxt; |
914 | Gssctxt *gssctxt; | 916 | Gssctxt *gssctxt; |
915 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 917 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
916 | gss_buffer_desc recv_tok; | 918 | gss_buffer_desc recv_tok; |
@@ -939,7 +941,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
939 | 941 | ||
940 | /* ARGSUSED */ | 942 | /* ARGSUSED */ |
941 | int | 943 | int |
942 | input_gssapi_error(int type, u_int32_t plen, void *ctxt) | 944 | input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) |
943 | { | 945 | { |
944 | char *msg; | 946 | char *msg; |
945 | char *lang; | 947 | char *lang; |
@@ -1016,7 +1018,7 @@ int | |||
1016 | userauth_passwd(Authctxt *authctxt) | 1018 | userauth_passwd(Authctxt *authctxt) |
1017 | { | 1019 | { |
1018 | static int attempt = 0; | 1020 | static int attempt = 0; |
1019 | char prompt[150]; | 1021 | char prompt[256]; |
1020 | char *password; | 1022 | char *password; |
1021 | const char *host = options.host_key_alias ? options.host_key_alias : | 1023 | const char *host = options.host_key_alias ? options.host_key_alias : |
1022 | authctxt->host; | 1024 | authctxt->host; |
@@ -1052,11 +1054,11 @@ userauth_passwd(Authctxt *authctxt) | |||
1052 | */ | 1054 | */ |
1053 | /* ARGSUSED */ | 1055 | /* ARGSUSED */ |
1054 | int | 1056 | int |
1055 | input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | 1057 | input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) |
1056 | { | 1058 | { |
1057 | Authctxt *authctxt = ctxt; | 1059 | Authctxt *authctxt = ssh->authctxt; |
1058 | char *info, *lang, *password = NULL, *retype = NULL; | 1060 | char *info, *lang, *password = NULL, *retype = NULL; |
1059 | char prompt[150]; | 1061 | char prompt[256]; |
1060 | const char *host; | 1062 | const char *host; |
1061 | 1063 | ||
1062 | debug2("input_userauth_passwd_changereq"); | 1064 | debug2("input_userauth_passwd_changereq"); |
@@ -1138,7 +1140,7 @@ static int | |||
1138 | identity_sign(struct identity *id, u_char **sigp, size_t *lenp, | 1140 | identity_sign(struct identity *id, u_char **sigp, size_t *lenp, |
1139 | const u_char *data, size_t datalen, u_int compat) | 1141 | const u_char *data, size_t datalen, u_int compat) |
1140 | { | 1142 | { |
1141 | Key *prv; | 1143 | struct sshkey *prv; |
1142 | int ret; | 1144 | int ret; |
1143 | 1145 | ||
1144 | /* the agent supports this key */ | 1146 | /* the agent supports this key */ |
@@ -1158,6 +1160,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, | |||
1158 | /* load the private key from the file */ | 1160 | /* load the private key from the file */ |
1159 | if ((prv = load_identity_file(id)) == NULL) | 1161 | if ((prv = load_identity_file(id)) == NULL) |
1160 | return SSH_ERR_KEY_NOT_FOUND; | 1162 | return SSH_ERR_KEY_NOT_FOUND; |
1163 | if (id->key != NULL && !sshkey_equal_public(prv, id->key)) { | ||
1164 | error("%s: private key %s contents do not match public", | ||
1165 | __func__, id->filename); | ||
1166 | return SSH_ERR_KEY_NOT_FOUND; | ||
1167 | } | ||
1161 | ret = sshkey_sign(prv, sigp, lenp, data, datalen, | 1168 | ret = sshkey_sign(prv, sigp, lenp, data, datalen, |
1162 | key_sign_encode(prv), compat); | 1169 | key_sign_encode(prv), compat); |
1163 | sshkey_free(prv); | 1170 | sshkey_free(prv); |
@@ -1348,10 +1355,10 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1348 | return 1; | 1355 | return 1; |
1349 | } | 1356 | } |
1350 | 1357 | ||
1351 | static Key * | 1358 | static struct sshkey * |
1352 | load_identity_file(Identity *id) | 1359 | load_identity_file(Identity *id) |
1353 | { | 1360 | { |
1354 | Key *private = NULL; | 1361 | struct sshkey *private = NULL; |
1355 | char prompt[300], *passphrase, *comment; | 1362 | char prompt[300], *passphrase, *comment; |
1356 | int r, perm_ok = 0, quit = 0, i; | 1363 | int r, perm_ok = 0, quit = 0, i; |
1357 | struct stat st; | 1364 | struct stat st; |
@@ -1440,8 +1447,6 @@ pubkey_prepare(Authctxt *authctxt) | |||
1440 | /* list of keys stored in the filesystem and PKCS#11 */ | 1447 | /* list of keys stored in the filesystem and PKCS#11 */ |
1441 | for (i = 0; i < options.num_identity_files; i++) { | 1448 | for (i = 0; i < options.num_identity_files; i++) { |
1442 | key = options.identity_keys[i]; | 1449 | key = options.identity_keys[i]; |
1443 | if (key && key->type == KEY_RSA1) | ||
1444 | continue; | ||
1445 | if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) | 1450 | if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) |
1446 | continue; | 1451 | continue; |
1447 | options.identity_keys[i] = NULL; | 1452 | options.identity_keys[i] = NULL; |
@@ -1470,7 +1475,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1470 | if (r != SSH_ERR_AGENT_NOT_PRESENT) | 1475 | if (r != SSH_ERR_AGENT_NOT_PRESENT) |
1471 | debug("%s: ssh_get_authentication_socket: %s", | 1476 | debug("%s: ssh_get_authentication_socket: %s", |
1472 | __func__, ssh_err(r)); | 1477 | __func__, ssh_err(r)); |
1473 | } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) { | 1478 | } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) { |
1474 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) | 1479 | if (r != SSH_ERR_AGENT_NO_IDENTITIES) |
1475 | debug("%s: ssh_fetch_identitylist: %s", | 1480 | debug("%s: ssh_fetch_identitylist: %s", |
1476 | __func__, ssh_err(r)); | 1481 | __func__, ssh_err(r)); |
@@ -1594,7 +1599,7 @@ try_identity(Identity *id) | |||
1594 | key_type(id->key), id->filename); | 1599 | key_type(id->key), id->filename); |
1595 | return (0); | 1600 | return (0); |
1596 | } | 1601 | } |
1597 | return (id->key->type != KEY_RSA1); | 1602 | return 1; |
1598 | } | 1603 | } |
1599 | 1604 | ||
1600 | int | 1605 | int |
@@ -1602,6 +1607,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
1602 | { | 1607 | { |
1603 | Identity *id; | 1608 | Identity *id; |
1604 | int sent = 0; | 1609 | int sent = 0; |
1610 | char *fp; | ||
1605 | 1611 | ||
1606 | while ((id = TAILQ_FIRST(&authctxt->keys))) { | 1612 | while ((id = TAILQ_FIRST(&authctxt->keys))) { |
1607 | if (id->tried++) | 1613 | if (id->tried++) |
@@ -1616,8 +1622,16 @@ userauth_pubkey(Authctxt *authctxt) | |||
1616 | */ | 1622 | */ |
1617 | if (id->key != NULL) { | 1623 | if (id->key != NULL) { |
1618 | if (try_identity(id)) { | 1624 | if (try_identity(id)) { |
1619 | debug("Offering %s public key: %s", | 1625 | if ((fp = sshkey_fingerprint(id->key, |
1620 | key_type(id->key), id->filename); | 1626 | options.fingerprint_hash, |
1627 | SSH_FP_DEFAULT)) == NULL) { | ||
1628 | error("%s: sshkey_fingerprint failed", | ||
1629 | __func__); | ||
1630 | return 0; | ||
1631 | } | ||
1632 | debug("Offering public key: %s %s %s", | ||
1633 | sshkey_type(id->key), fp, id->filename); | ||
1634 | free(fp); | ||
1621 | sent = send_pubkey_test(authctxt, id); | 1635 | sent = send_pubkey_test(authctxt, id); |
1622 | } | 1636 | } |
1623 | } else { | 1637 | } else { |
@@ -1675,9 +1689,9 @@ userauth_kbdint(Authctxt *authctxt) | |||
1675 | * parse INFO_REQUEST, prompt user and send INFO_RESPONSE | 1689 | * parse INFO_REQUEST, prompt user and send INFO_RESPONSE |
1676 | */ | 1690 | */ |
1677 | int | 1691 | int |
1678 | input_userauth_info_req(int type, u_int32_t seq, void *ctxt) | 1692 | input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) |
1679 | { | 1693 | { |
1680 | Authctxt *authctxt = ctxt; | 1694 | Authctxt *authctxt = ssh->authctxt; |
1681 | char *name, *inst, *lang, *prompt, *response; | 1695 | char *name, *inst, *lang, *prompt, *response; |
1682 | u_int num_prompts, i; | 1696 | u_int num_prompts, i; |
1683 | int echo = 0; | 1697 | int echo = 0; |
@@ -1878,7 +1892,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
1878 | private = NULL; | 1892 | private = NULL; |
1879 | for (i = 0; i < authctxt->sensitive->nkeys; i++) { | 1893 | for (i = 0; i < authctxt->sensitive->nkeys; i++) { |
1880 | if (authctxt->sensitive->keys[i] == NULL || | 1894 | if (authctxt->sensitive->keys[i] == NULL || |
1881 | authctxt->sensitive->keys[i]->type == KEY_RSA1 || | ||
1882 | authctxt->sensitive->keys[i]->type == KEY_UNSPEC) | 1895 | authctxt->sensitive->keys[i]->type == KEY_UNSPEC) |
1883 | continue; | 1896 | continue; |
1884 | if (match_pattern_list( | 1897 | if (match_pattern_list( |
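Review bot: The new public/private mismatch check in identity_sign (new lines 1163–1167) returns SSH_ERR_KEY_NOT_FOUND without releasing `prv`, while the success path frees it right after sshkey_sign; on the mismatch path the private key just loaded from disk, secret material included, is leaked for the life of the process. Since load_identity_file has already succeeded at that point, the branch should read `error("%s: private key %s contents do not match public", __func__, id->filename); sshkey_free(prv); return SSH_ERR_KEY_NOT_FOUND;`, or both exits should go through a single cleanup label that frees `prv`. The check itself is worthwhile hardening, refusing to sign with a private key that does not correspond to the public key that was offered (for example a stale `.pub` next to a regenerated key), and a one-line comment such as `/* refuse to sign if the loaded private key does not match the offered public key */` would make that intent clear to the next reader. identity_sign begins and ends outside this hunk, so I am assuming no later cleanup covers the early return.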