Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c141
1 files changed, 77 insertions, 64 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 5743c2c41..c22477f59 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -93,7 +93,7 @@ char *xxx_host;
93struct sockaddr *xxx_hostaddr; 93struct sockaddr *xxx_hostaddr;
94 94
95static int 95static int
96verify_host_key_callback(Key *hostkey, struct ssh *ssh) 96verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
97{ 97{
98 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1) 98 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
99 fatal("Host key verification failed."); 99 fatal("Host key verification failed.");
@@ -267,7 +267,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
267 } 267 }
268#endif 268#endif
269 269
270 dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); 270 ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
271 271
272 /* remove ext-info from the KEX proposals for rekeying */ 272 /* remove ext-info from the KEX proposals for rekeying */
273 myproposal[PROPOSAL_KEX_ALGS] = 273 myproposal[PROPOSAL_KEX_ALGS] =
@@ -347,16 +347,16 @@ struct cauthmethod {
347 int *batch_flag; /* flag in option struct that disables method */ 347 int *batch_flag; /* flag in option struct that disables method */
348}; 348};
349 349
350int input_userauth_service_accept(int, u_int32_t, void *); 350int input_userauth_service_accept(int, u_int32_t, struct ssh *);
351int input_userauth_ext_info(int, u_int32_t, void *); 351int input_userauth_ext_info(int, u_int32_t, struct ssh *);
352int input_userauth_success(int, u_int32_t, void *); 352int input_userauth_success(int, u_int32_t, struct ssh *);
353int input_userauth_success_unexpected(int, u_int32_t, void *); 353int input_userauth_success_unexpected(int, u_int32_t, struct ssh *);
354int input_userauth_failure(int, u_int32_t, void *); 354int input_userauth_failure(int, u_int32_t, struct ssh *);
355int input_userauth_banner(int, u_int32_t, void *); 355int input_userauth_banner(int, u_int32_t, struct ssh *);
356int input_userauth_error(int, u_int32_t, void *); 356int input_userauth_error(int, u_int32_t, struct ssh *);
357int input_userauth_info_req(int, u_int32_t, void *); 357int input_userauth_info_req(int, u_int32_t, struct ssh *);
358int input_userauth_pk_ok(int, u_int32_t, void *); 358int input_userauth_pk_ok(int, u_int32_t, struct ssh *);
359int input_userauth_passwd_changereq(int, u_int32_t, void *); 359int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
360 360
361int userauth_none(Authctxt *); 361int userauth_none(Authctxt *);
362int userauth_pubkey(Authctxt *); 362int userauth_pubkey(Authctxt *);
@@ -366,11 +366,11 @@ int userauth_hostbased(Authctxt *);
366 366
367#ifdef GSSAPI 367#ifdef GSSAPI
368int userauth_gssapi(Authctxt *authctxt); 368int userauth_gssapi(Authctxt *authctxt);
369int input_gssapi_response(int type, u_int32_t, void *); 369int input_gssapi_response(int type, u_int32_t, struct ssh *);
370int input_gssapi_token(int type, u_int32_t, void *); 370int input_gssapi_token(int type, u_int32_t, struct ssh *);
371int input_gssapi_hash(int type, u_int32_t, void *); 371int input_gssapi_hash(int type, u_int32_t, struct ssh *);
372int input_gssapi_error(int, u_int32_t, void *); 372int input_gssapi_error(int, u_int32_t, struct ssh *);
373int input_gssapi_errtok(int, u_int32_t, void *); 373int input_gssapi_errtok(int, u_int32_t, struct ssh *);
374int userauth_gsskeyex(Authctxt *authctxt); 374int userauth_gsskeyex(Authctxt *authctxt);
375#endif 375#endif
376 376
@@ -380,7 +380,7 @@ static int sign_and_send_pubkey(Authctxt *, Identity *);
380static void pubkey_prepare(Authctxt *); 380static void pubkey_prepare(Authctxt *);
381static void pubkey_cleanup(Authctxt *); 381static void pubkey_cleanup(Authctxt *);
382static void pubkey_reset(Authctxt *); 382static void pubkey_reset(Authctxt *);
383static Key *load_identity_file(Identity *); 383static struct sshkey *load_identity_file(Identity *);
384 384
385static Authmethod *authmethod_get(char *authlist); 385static Authmethod *authmethod_get(char *authlist);
386static Authmethod *authmethod_lookup(const char *name); 386static Authmethod *authmethod_lookup(const char *name);
@@ -463,10 +463,12 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
463 (r = sshpkt_send(ssh)) != 0) 463 (r = sshpkt_send(ssh)) != 0)
464 fatal("%s: %s", __func__, ssh_err(r)); 464 fatal("%s: %s", __func__, ssh_err(r));
465 465
466 ssh->authctxt = &authctxt;
466 ssh_dispatch_init(ssh, &input_userauth_error); 467 ssh_dispatch_init(ssh, &input_userauth_error);
467 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); 468 ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
468 ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); 469 ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
469 ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ 470 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
471 ssh->authctxt = NULL;
470 472
471 pubkey_cleanup(&authctxt); 473 pubkey_cleanup(&authctxt);
472 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); 474 ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
@@ -478,10 +480,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
478 480
479/* ARGSUSED */ 481/* ARGSUSED */
480int 482int
481input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) 483input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
482{ 484{
483 Authctxt *authctxt = ctxt; 485 Authctxt *authctxt = ssh->authctxt;
484 struct ssh *ssh = active_state;
485 int r; 486 int r;
486 487
487 if (ssh_packet_remaining(ssh) > 0) { 488 if (ssh_packet_remaining(ssh) > 0) {
@@ -512,9 +513,9 @@ input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt)
512 513
513/* ARGSUSED */ 514/* ARGSUSED */
514int 515int
515input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt) 516input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
516{ 517{
517 return kex_input_ext_info(type, seqnr, active_state); 518 return kex_input_ext_info(type, seqnr, ssh);
518} 519}
519 520
520void 521void
@@ -534,7 +535,8 @@ userauth(Authctxt *authctxt, char *authlist)
534 for (;;) { 535 for (;;) {
535 Authmethod *method = authmethod_get(authlist); 536 Authmethod *method = authmethod_get(authlist);
536 if (method == NULL) 537 if (method == NULL)
537 fatal("Permission denied (%s).", authlist); 538 fatal("%s@%s: Permission denied (%s).",
539 authctxt->server_user, authctxt->host, authlist);
538 authctxt->method = method; 540 authctxt->method = method;
539 541
540 /* reset the per method handler */ 542 /* reset the per method handler */
@@ -554,7 +556,7 @@ userauth(Authctxt *authctxt, char *authlist)
554 556
555/* ARGSUSED */ 557/* ARGSUSED */
556int 558int
557input_userauth_error(int type, u_int32_t seq, void *ctxt) 559input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
558{ 560{
559 fatal("input_userauth_error: bad message during authentication: " 561 fatal("input_userauth_error: bad message during authentication: "
560 "type %d", type); 562 "type %d", type);
@@ -563,7 +565,7 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt)
563 565
564/* ARGSUSED */ 566/* ARGSUSED */
565int 567int
566input_userauth_banner(int type, u_int32_t seq, void *ctxt) 568input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
567{ 569{
568 char *msg, *lang; 570 char *msg, *lang;
569 u_int len; 571 u_int len;
@@ -580,9 +582,9 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
580 582
581/* ARGSUSED */ 583/* ARGSUSED */
582int 584int
583input_userauth_success(int type, u_int32_t seq, void *ctxt) 585input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
584{ 586{
585 Authctxt *authctxt = ctxt; 587 Authctxt *authctxt = ssh->authctxt;
586 588
587 if (authctxt == NULL) 589 if (authctxt == NULL)
588 fatal("input_userauth_success: no authentication context"); 590 fatal("input_userauth_success: no authentication context");
@@ -597,9 +599,9 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
597} 599}
598 600
599int 601int
600input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) 602input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
601{ 603{
602 Authctxt *authctxt = ctxt; 604 Authctxt *authctxt = ssh->authctxt;
603 605
604 if (authctxt == NULL) 606 if (authctxt == NULL)
605 fatal("%s: no authentication context", __func__); 607 fatal("%s: no authentication context", __func__);
@@ -611,9 +613,9 @@ input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
611 613
612/* ARGSUSED */ 614/* ARGSUSED */
613int 615int
614input_userauth_failure(int type, u_int32_t seq, void *ctxt) 616input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
615{ 617{
616 Authctxt *authctxt = ctxt; 618 Authctxt *authctxt = ssh->authctxt;
617 char *authlist = NULL; 619 char *authlist = NULL;
618 int partial; 620 int partial;
619 621
@@ -637,10 +639,10 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
637 639
638/* ARGSUSED */ 640/* ARGSUSED */
639int 641int
640input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) 642input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
641{ 643{
642 Authctxt *authctxt = ctxt; 644 Authctxt *authctxt = ssh->authctxt;
643 Key *key = NULL; 645 struct sshkey *key = NULL;
644 Identity *id = NULL; 646 Identity *id = NULL;
645 Buffer b; 647 Buffer b;
646 int pktype, sent = 0; 648 int pktype, sent = 0;
@@ -783,9 +785,9 @@ userauth_gssapi(Authctxt *authctxt)
783} 785}
784 786
785static OM_uint32 787static OM_uint32
786process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) 788process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
787{ 789{
788 Authctxt *authctxt = ctxt; 790 Authctxt *authctxt = ssh->authctxt;
789 Gssctxt *gssctxt = authctxt->methoddata; 791 Gssctxt *gssctxt = authctxt->methoddata;
790 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 792 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
791 gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; 793 gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
@@ -838,9 +840,9 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
838 840
839/* ARGSUSED */ 841/* ARGSUSED */
840int 842int
841input_gssapi_response(int type, u_int32_t plen, void *ctxt) 843input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
842{ 844{
843 Authctxt *authctxt = ctxt; 845 Authctxt *authctxt = ssh->authctxt;
844 Gssctxt *gssctxt; 846 Gssctxt *gssctxt;
845 u_int oidlen; 847 u_int oidlen;
846 u_char *oidv; 848 u_char *oidv;
@@ -868,7 +870,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
868 870
869 free(oidv); 871 free(oidv);
870 872
871 if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { 873 if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {
872 /* Start again with next method on list */ 874 /* Start again with next method on list */
873 debug("Trying to start again"); 875 debug("Trying to start again");
874 userauth(authctxt, NULL); 876 userauth(authctxt, NULL);
@@ -879,9 +881,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
879 881
880/* ARGSUSED */ 882/* ARGSUSED */
881int 883int
882input_gssapi_token(int type, u_int32_t plen, void *ctxt) 884input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
883{ 885{
884 Authctxt *authctxt = ctxt; 886 Authctxt *authctxt = ssh->authctxt;
885 gss_buffer_desc recv_tok; 887 gss_buffer_desc recv_tok;
886 OM_uint32 status; 888 OM_uint32 status;
887 u_int slen; 889 u_int slen;
@@ -894,7 +896,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
894 896
895 packet_check_eom(); 897 packet_check_eom();
896 898
897 status = process_gssapi_token(ctxt, &recv_tok); 899 status = process_gssapi_token(ssh, &recv_tok);
898 900
899 free(recv_tok.value); 901 free(recv_tok.value);
900 902
@@ -908,9 +910,9 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
908 910
909/* ARGSUSED */ 911/* ARGSUSED */
910int 912int
911input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) 913input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
912{ 914{
913 Authctxt *authctxt = ctxt; 915 Authctxt *authctxt = ssh->authctxt;
914 Gssctxt *gssctxt; 916 Gssctxt *gssctxt;
915 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 917 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
916 gss_buffer_desc recv_tok; 918 gss_buffer_desc recv_tok;
@@ -939,7 +941,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
939 941
940/* ARGSUSED */ 942/* ARGSUSED */
941int 943int
942input_gssapi_error(int type, u_int32_t plen, void *ctxt) 944input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
943{ 945{
944 char *msg; 946 char *msg;
945 char *lang; 947 char *lang;
@@ -1016,7 +1018,7 @@ int
1016userauth_passwd(Authctxt *authctxt) 1018userauth_passwd(Authctxt *authctxt)
1017{ 1019{
1018 static int attempt = 0; 1020 static int attempt = 0;
1019 char prompt[150]; 1021 char prompt[256];
1020 char *password; 1022 char *password;
1021 const char *host = options.host_key_alias ? options.host_key_alias : 1023 const char *host = options.host_key_alias ? options.host_key_alias :
1022 authctxt->host; 1024 authctxt->host;
@@ -1052,11 +1054,11 @@ userauth_passwd(Authctxt *authctxt)
1052 */ 1054 */
1053/* ARGSUSED */ 1055/* ARGSUSED */
1054int 1056int
1055input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) 1057input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
1056{ 1058{
1057 Authctxt *authctxt = ctxt; 1059 Authctxt *authctxt = ssh->authctxt;
1058 char *info, *lang, *password = NULL, *retype = NULL; 1060 char *info, *lang, *password = NULL, *retype = NULL;
1059 char prompt[150]; 1061 char prompt[256];
1060 const char *host; 1062 const char *host;
1061 1063
1062 debug2("input_userauth_passwd_changereq"); 1064 debug2("input_userauth_passwd_changereq");
@@ -1138,7 +1140,7 @@ static int
1138identity_sign(struct identity *id, u_char **sigp, size_t *lenp, 1140identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
1139 const u_char *data, size_t datalen, u_int compat) 1141 const u_char *data, size_t datalen, u_int compat)
1140{ 1142{
1141 Key *prv; 1143 struct sshkey *prv;
1142 int ret; 1144 int ret;
1143 1145
1144 /* the agent supports this key */ 1146 /* the agent supports this key */
@@ -1158,6 +1160,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
1158 /* load the private key from the file */ 1160 /* load the private key from the file */
1159 if ((prv = load_identity_file(id)) == NULL) 1161 if ((prv = load_identity_file(id)) == NULL)
1160 return SSH_ERR_KEY_NOT_FOUND; 1162 return SSH_ERR_KEY_NOT_FOUND;
1163 if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
1164 error("%s: private key %s contents do not match public",
1165 __func__, id->filename);
1166 return SSH_ERR_KEY_NOT_FOUND;
1167 }
1161 ret = sshkey_sign(prv, sigp, lenp, data, datalen, 1168 ret = sshkey_sign(prv, sigp, lenp, data, datalen,
1162 key_sign_encode(prv), compat); 1169 key_sign_encode(prv), compat);
1163 sshkey_free(prv); 1170 sshkey_free(prv);
@@ -1348,10 +1355,10 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
1348 return 1; 1355 return 1;
1349} 1356}
1350 1357
1351static Key * 1358static struct sshkey *
1352load_identity_file(Identity *id) 1359load_identity_file(Identity *id)
1353{ 1360{
1354 Key *private = NULL; 1361 struct sshkey *private = NULL;
1355 char prompt[300], *passphrase, *comment; 1362 char prompt[300], *passphrase, *comment;
1356 int r, perm_ok = 0, quit = 0, i; 1363 int r, perm_ok = 0, quit = 0, i;
1357 struct stat st; 1364 struct stat st;
@@ -1440,8 +1447,6 @@ pubkey_prepare(Authctxt *authctxt)
1440 /* list of keys stored in the filesystem and PKCS#11 */ 1447 /* list of keys stored in the filesystem and PKCS#11 */
1441 for (i = 0; i < options.num_identity_files; i++) { 1448 for (i = 0; i < options.num_identity_files; i++) {
1442 key = options.identity_keys[i]; 1449 key = options.identity_keys[i];
1443 if (key && key->type == KEY_RSA1)
1444 continue;
1445 if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER) 1450 if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
1446 continue; 1451 continue;
1447 options.identity_keys[i] = NULL; 1452 options.identity_keys[i] = NULL;
@@ -1470,7 +1475,7 @@ pubkey_prepare(Authctxt *authctxt)
1470 if (r != SSH_ERR_AGENT_NOT_PRESENT) 1475 if (r != SSH_ERR_AGENT_NOT_PRESENT)
1471 debug("%s: ssh_get_authentication_socket: %s", 1476 debug("%s: ssh_get_authentication_socket: %s",
1472 __func__, ssh_err(r)); 1477 __func__, ssh_err(r));
1473 } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) { 1478 } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
1474 if (r != SSH_ERR_AGENT_NO_IDENTITIES) 1479 if (r != SSH_ERR_AGENT_NO_IDENTITIES)
1475 debug("%s: ssh_fetch_identitylist: %s", 1480 debug("%s: ssh_fetch_identitylist: %s",
1476 __func__, ssh_err(r)); 1481 __func__, ssh_err(r));
@@ -1594,7 +1599,7 @@ try_identity(Identity *id)
1594 key_type(id->key), id->filename); 1599 key_type(id->key), id->filename);
1595 return (0); 1600 return (0);
1596 } 1601 }
1597 return (id->key->type != KEY_RSA1); 1602 return 1;
1598} 1603}
1599 1604
1600int 1605int
@@ -1602,6 +1607,7 @@ userauth_pubkey(Authctxt *authctxt)
1602{ 1607{
1603 Identity *id; 1608 Identity *id;
1604 int sent = 0; 1609 int sent = 0;
1610 char *fp;
1605 1611
1606 while ((id = TAILQ_FIRST(&authctxt->keys))) { 1612 while ((id = TAILQ_FIRST(&authctxt->keys))) {
1607 if (id->tried++) 1613 if (id->tried++)
@@ -1616,8 +1622,16 @@ userauth_pubkey(Authctxt *authctxt)
1616 */ 1622 */
1617 if (id->key != NULL) { 1623 if (id->key != NULL) {
1618 if (try_identity(id)) { 1624 if (try_identity(id)) {
1619 debug("Offering %s public key: %s", 1625 if ((fp = sshkey_fingerprint(id->key,
1620 key_type(id->key), id->filename); 1626 options.fingerprint_hash,
1627 SSH_FP_DEFAULT)) == NULL) {
1628 error("%s: sshkey_fingerprint failed",
1629 __func__);
1630 return 0;
1631 }
1632 debug("Offering public key: %s %s %s",
1633 sshkey_type(id->key), fp, id->filename);
1634 free(fp);
1621 sent = send_pubkey_test(authctxt, id); 1635 sent = send_pubkey_test(authctxt, id);
1622 } 1636 }
1623 } else { 1637 } else {
@@ -1675,9 +1689,9 @@ userauth_kbdint(Authctxt *authctxt)
1675 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE 1689 * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
1676 */ 1690 */
1677int 1691int
1678input_userauth_info_req(int type, u_int32_t seq, void *ctxt) 1692input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
1679{ 1693{
1680 Authctxt *authctxt = ctxt; 1694 Authctxt *authctxt = ssh->authctxt;
1681 char *name, *inst, *lang, *prompt, *response; 1695 char *name, *inst, *lang, *prompt, *response;
1682 u_int num_prompts, i; 1696 u_int num_prompts, i;
1683 int echo = 0; 1697 int echo = 0;
@@ -1878,7 +1892,6 @@ userauth_hostbased(Authctxt *authctxt)
1878 private = NULL; 1892 private = NULL;
1879 for (i = 0; i < authctxt->sensitive->nkeys; i++) { 1893 for (i = 0; i < authctxt->sensitive->nkeys; i++) {
1880 if (authctxt->sensitive->keys[i] == NULL || 1894 if (authctxt->sensitive->keys[i] == NULL ||
1881 authctxt->sensitive->keys[i]->type == KEY_RSA1 ||
1882 authctxt->sensitive->keys[i]->type == KEY_UNSPEC) 1895 authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
1883 continue; 1896 continue;
1884 if (match_pattern_list( 1897 if (match_pattern_list(
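Review bot: The new public/private mismatch branch in identity_sign (new lines 1163-1167) returns `SSH_ERR_KEY_NOT_FOUND` without releasing `prv`, while the normal path frees it with `sshkey_free(prv)` right after `sshkey_sign()`. The key returned by `load_identity_file()` is therefore leaked on this path, and since it is presumably the decrypted private key, that material stays in the client's heap instead of being released. Add `sshkey_free(prv);` immediately before that `return SSH_ERR_KEY_NOT_FOUND;`. The start and end of identity_sign's body lie outside the hunk, so its other exit paths were not checked here.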