Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c141
1 files changed, 77 insertions, 64 deletions
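diff --git a/sshconnect2.c b/sshconnect2.c
index f8a54beea..be9397e48 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -93,7 +93,7 @@ char *xxx_host;
 struct sockaddr *xxx_hostaddr;
 
 static int
-verify_host_key_callback(Key *hostkey, struct ssh *ssh)
+verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
  if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
  fatal("Host key verification failed.");
@@ -217,7 +217,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
  kex->server_version_string=server_version_string;
  kex->verify_host_key=&verify_host_key_callback;
 
- dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
+ ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
 
  /* remove ext-info from the KEX proposals for rekeying */
  myproposal[PROPOSAL_KEX_ALGS] =
@@ -287,16 +287,16 @@ struct cauthmethod {
  int *batch_flag; /* flag in option struct that disables method */
 };
 
-int input_userauth_service_accept(int, u_int32_t, void *);
-int input_userauth_ext_info(int, u_int32_t, void *);
-int input_userauth_success(int, u_int32_t, void *);
-int input_userauth_success_unexpected(int, u_int32_t, void *);
-int input_userauth_failure(int, u_int32_t, void *);
-int input_userauth_banner(int, u_int32_t, void *);
-int input_userauth_error(int, u_int32_t, void *);
-int input_userauth_info_req(int, u_int32_t, void *);
-int input_userauth_pk_ok(int, u_int32_t, void *);
-int input_userauth_passwd_changereq(int, u_int32_t, void *);
+int input_userauth_service_accept(int, u_int32_t, struct ssh *);
+int input_userauth_ext_info(int, u_int32_t, struct ssh *);
+int input_userauth_success(int, u_int32_t, struct ssh *);
+int input_userauth_success_unexpected(int, u_int32_t, struct ssh *);
+int input_userauth_failure(int, u_int32_t, struct ssh *);
+int input_userauth_banner(int, u_int32_t, struct ssh *);
+int input_userauth_error(int, u_int32_t, struct ssh *);
+int input_userauth_info_req(int, u_int32_t, struct ssh *);
+int input_userauth_pk_ok(int, u_int32_t, struct ssh *);
+int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
 
 int userauth_none(Authctxt *);
 int userauth_pubkey(Authctxt *);
@@ -306,11 +306,11 @@ int userauth_hostbased(Authctxt *);
 
 #ifdef GSSAPI
 int userauth_gssapi(Authctxt *authctxt);
-int input_gssapi_response(int type, u_int32_t, void *);
-int input_gssapi_token(int type, u_int32_t, void *);
-int input_gssapi_hash(int type, u_int32_t, void *);
-int input_gssapi_error(int, u_int32_t, void *);
-int input_gssapi_errtok(int, u_int32_t, void *);
+int input_gssapi_response(int type, u_int32_t, struct ssh *);
+int input_gssapi_token(int type, u_int32_t, struct ssh *);
+int input_gssapi_hash(int type, u_int32_t, struct ssh *);
+int input_gssapi_error(int, u_int32_t, struct ssh *);
+int input_gssapi_errtok(int, u_int32_t, struct ssh *);
 #endif
 
 void userauth(Authctxt *, char *);
@@ -319,7 +319,7 @@ static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
 static void pubkey_reset(Authctxt *);
-static Key *load_identity_file(Identity *);
+static struct sshkey *load_identity_file(Identity *);
 
 static Authmethod *authmethod_get(char *authlist);
 static Authmethod *authmethod_lookup(const char *name);
@@ -397,10 +397,12 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
  (r = sshpkt_send(ssh)) != 0)
  fatal("%s: %s", __func__, ssh_err(r));
 
+ ssh->authctxt = &authctxt;
  ssh_dispatch_init(ssh, &input_userauth_error);
  ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
  ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
- ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
+ ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */
+ ssh->authctxt = NULL;
 
  pubkey_cleanup(&authctxt);
  ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
@@ -412,10 +414,9 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 
 /* ARGSUSED */
 int
-input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt)
+input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
- struct ssh *ssh = active_state;
+ Authctxt *authctxt = ssh->authctxt;
  int r;
 
  if (ssh_packet_remaining(ssh) > 0) {
@@ -446,9 +447,9 @@ input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt)
 
 /* ARGSUSED */
 int
-input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt)
+input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
 {
- return kex_input_ext_info(type, seqnr, active_state);
+ return kex_input_ext_info(type, seqnr, ssh);
 }
 
 void
@@ -468,7 +469,8 @@ userauth(Authctxt *authctxt, char *authlist)
  for (;;) {
  Authmethod *method = authmethod_get(authlist);
  if (method == NULL)
- fatal("Permission denied (%s).", authlist);
+ fatal("%s@%s: Permission denied (%s).",
+ authctxt->server_user, authctxt->host, authlist);
  authctxt->method = method;
 
  /* reset the per method handler */
@@ -488,7 +490,7 @@ userauth(Authctxt *authctxt, char *authlist)
 
 /* ARGSUSED */
 int
-input_userauth_error(int type, u_int32_t seq, void *ctxt)
+input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
 {
  fatal("input_userauth_error: bad message during authentication: "
  "type %d", type);
@@ -497,7 +499,7 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt)
 
 /* ARGSUSED */
 int
-input_userauth_banner(int type, u_int32_t seq, void *ctxt)
+input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
 {
  char *msg, *lang;
  u_int len;
@@ -514,9 +516,9 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
 
 /* ARGSUSED */
 int
-input_userauth_success(int type, u_int32_t seq, void *ctxt)
+input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
 
  if (authctxt == NULL)
  fatal("input_userauth_success: no authentication context");
@@ -531,9 +533,9 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
 }
 
 int
-input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
+input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
 
  if (authctxt == NULL)
  fatal("%s: no authentication context", __func__);
@@ -545,9 +547,9 @@ input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
 
 /* ARGSUSED */
 int
-input_userauth_failure(int type, u_int32_t seq, void *ctxt)
+input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
  char *authlist = NULL;
  int partial;
 
@@ -571,10 +573,10 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt)
 
 /* ARGSUSED */
 int
-input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
+input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
- Key *key = NULL;
+ Authctxt *authctxt = ssh->authctxt;
+ struct sshkey *key = NULL;
  Identity *id = NULL;
  Buffer b;
  int pktype, sent = 0;
@@ -702,9 +704,9 @@ userauth_gssapi(Authctxt *authctxt)
 }
 
 static OM_uint32
-process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
+process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
  Gssctxt *gssctxt = authctxt->methoddata;
  gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
  gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
@@ -757,9 +759,9 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
 
 /* ARGSUSED */
 int
-input_gssapi_response(int type, u_int32_t plen, void *ctxt)
+input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
  Gssctxt *gssctxt;
  int oidlen;
  char *oidv;
@@ -787,7 +789,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 
  free(oidv);
 
- if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
+ if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {
  /* Start again with next method on list */
  debug("Trying to start again");
  userauth(authctxt, NULL);
@@ -798,9 +800,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 
 /* ARGSUSED */
 int
-input_gssapi_token(int type, u_int32_t plen, void *ctxt)
+input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
  gss_buffer_desc recv_tok;
  OM_uint32 status;
  u_int slen;
@@ -813,7 +815,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 
  packet_check_eom();
 
- status = process_gssapi_token(ctxt, &recv_tok);
+ status = process_gssapi_token(ssh, &recv_tok);
 
  free(recv_tok.value);
 
@@ -827,9 +829,9 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 
 /* ARGSUSED */
 int
-input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
+input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
  Gssctxt *gssctxt;
  gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
  gss_buffer_desc recv_tok;
@@ -858,7 +860,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
 
 /* ARGSUSED */
 int
-input_gssapi_error(int type, u_int32_t plen, void *ctxt)
+input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
 {
  char *msg;
  char *lang;
@@ -893,7 +895,7 @@ int
 userauth_passwd(Authctxt *authctxt)
 {
  static int attempt = 0;
- char prompt[150];
+ char prompt[256];
  char *password;
  const char *host = options.host_key_alias ? options.host_key_alias :
  authctxt->host;
@@ -929,11 +931,11 @@ userauth_passwd(Authctxt *authctxt)
  */
 /* ARGSUSED */
 int
-input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
+input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
  char *info, *lang, *password = NULL, *retype = NULL;
- char prompt[150];
+ char prompt[256];
  const char *host;
 
  debug2("input_userauth_passwd_changereq");
@@ -1015,7 +1017,7 @@ static int
 identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
  const u_char *data, size_t datalen, u_int compat)
 {
- Key *prv;
+ struct sshkey *prv;
  int ret;
 
  /* the agent supports this key */
@@ -1035,6 +1037,11 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
  /* load the private key from the file */
  if ((prv = load_identity_file(id)) == NULL)
  return SSH_ERR_KEY_NOT_FOUND;
+ if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
+ error("%s: private key %s contents do not match public",
+ __func__, id->filename);
+ return SSH_ERR_KEY_NOT_FOUND;
+ }
  ret = sshkey_sign(prv, sigp, lenp, data, datalen,
  key_sign_encode(prv), compat);
  sshkey_free(prv);
@@ -1225,10 +1232,10 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
  return 1;
 }
 
-static Key *
+static struct sshkey *
 load_identity_file(Identity *id)
 {
- Key *private = NULL;
+ struct sshkey *private = NULL;
  char prompt[300], *passphrase, *comment;
  int r, perm_ok = 0, quit = 0, i;
  struct stat st;
@@ -1317,8 +1324,6 @@ pubkey_prepare(Authctxt *authctxt)
  /* list of keys stored in the filesystem and PKCS#11 */
  for (i = 0; i < options.num_identity_files; i++) {
  key = options.identity_keys[i];
- if (key && key->type == KEY_RSA1)
- continue;
  if (key && key->cert && key->cert->type != SSH2_CERT_TYPE_USER)
  continue;
  options.identity_keys[i] = NULL;
@@ -1347,7 +1352,7 @@ pubkey_prepare(Authctxt *authctxt)
  if (r != SSH_ERR_AGENT_NOT_PRESENT)
  debug("%s: ssh_get_authentication_socket: %s",
  __func__, ssh_err(r));
- } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) {
+ } else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
  if (r != SSH_ERR_AGENT_NO_IDENTITIES)
  debug("%s: ssh_fetch_identitylist: %s",
  __func__, ssh_err(r));
@@ -1471,7 +1476,7 @@ try_identity(Identity *id)
  key_type(id->key), id->filename);
  return (0);
  }
- return (id->key->type != KEY_RSA1);
+ return 1;
 }
 
 int
@@ -1479,6 +1484,7 @@ userauth_pubkey(Authctxt *authctxt)
 {
  Identity *id;
  int sent = 0;
+ char *fp;
 
  while ((id = TAILQ_FIRST(&authctxt->keys))) {
  if (id->tried++)
@@ -1493,8 +1499,16 @@ userauth_pubkey(Authctxt *authctxt)
  */
  if (id->key != NULL) {
  if (try_identity(id)) {
- debug("Offering %s public key: %s",
- key_type(id->key), id->filename);
+ if ((fp = sshkey_fingerprint(id->key,
+ options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL) {
+ error("%s: sshkey_fingerprint failed",
+ __func__);
+ return 0;
+ }
+ debug("Offering public key: %s %s %s",
+ sshkey_type(id->key), fp, id->filename);
+ free(fp);
  sent = send_pubkey_test(authctxt, id);
  }
  } else {
@@ -1552,9 +1566,9 @@ userauth_kbdint(Authctxt *authctxt)
  * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
  */
 int
-input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
+input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
 {
- Authctxt *authctxt = ctxt;
+ Authctxt *authctxt = ssh->authctxt;
  char *name, *inst, *lang, *prompt, *response;
  u_int num_prompts, i;
  int echo = 0;
@@ -1755,7 +1769,6 @@ userauth_hostbased(Authctxt *authctxt)
  private = NULL;
  for (i = 0; i < authctxt->sensitive->nkeys; i++) {
  if (authctxt->sensitive->keys[i] == NULL ||
- authctxt->sensitive->keys[i]->type == KEY_RSA1 ||
  authctxt->sensitive->keys[i]->type == KEY_UNSPEC)
  continue;
  if (match_pattern_list(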
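Review bot: In identity_sign, the added `sshkey_equal_public(prv, id->key)` mismatch branch returns SSH_ERR_KEY_NOT_FOUND without releasing `prv`, which load_identity_file has just returned; the success path a few lines below does call `sshkey_free(prv)`. On a mismatched key file the loaded private key therefore stays allocated for the rest of the process, and whatever scrubbing sshkey_free performs (not visible on this page) never runs on it. Add `sshkey_free(prv);` immediately before the `return SSH_ERR_KEY_NOT_FOUND;` inside that branch. identity_sign starts and ends outside the hunk, so this assumes there is no shared cleanup label further down that the branch could jump to instead.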