diff options
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 55 |
1 files changed, 10 insertions, 45 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index be9397e48..870c3d270 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.267 2018/01/23 05:27:21 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
578 | Authctxt *authctxt = ssh->authctxt; | 578 | Authctxt *authctxt = ssh->authctxt; |
579 | struct sshkey *key = NULL; | 579 | struct sshkey *key = NULL; |
580 | Identity *id = NULL; | 580 | Identity *id = NULL; |
581 | Buffer b; | ||
582 | int pktype, sent = 0; | 581 | int pktype, sent = 0; |
583 | u_int alen, blen; | 582 | u_int alen, blen; |
584 | char *pkalg, *fp; | 583 | char *pkalg, *fp; |
@@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) | |||
586 | 585 | ||
587 | if (authctxt == NULL) | 586 | if (authctxt == NULL) |
588 | fatal("input_userauth_pk_ok: no authentication context"); | 587 | fatal("input_userauth_pk_ok: no authentication context"); |
589 | if (datafellows & SSH_BUG_PKOK) { | 588 | |
590 | /* this is similar to SSH_BUG_PKAUTH */ | 589 | pkalg = packet_get_string(&alen); |
591 | debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); | 590 | pkblob = packet_get_string(&blen); |
592 | pkblob = packet_get_string(&blen); | ||
593 | buffer_init(&b); | ||
594 | buffer_append(&b, pkblob, blen); | ||
595 | pkalg = buffer_get_string(&b, &alen); | ||
596 | buffer_free(&b); | ||
597 | } else { | ||
598 | pkalg = packet_get_string(&alen); | ||
599 | pkblob = packet_get_string(&blen); | ||
600 | } | ||
601 | packet_check_eom(); | 591 | packet_check_eom(); |
602 | 592 | ||
603 | debug("Server accepts key: pkalg %s blen %u", pkalg, blen); | 593 | debug("Server accepts key: pkalg %s blen %u", pkalg, blen); |
@@ -1100,17 +1090,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1100 | } | 1090 | } |
1101 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 1091 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
1102 | buffer_put_cstring(&b, authctxt->server_user); | 1092 | buffer_put_cstring(&b, authctxt->server_user); |
1103 | buffer_put_cstring(&b, | 1093 | buffer_put_cstring(&b, authctxt->service); |
1104 | datafellows & SSH_BUG_PKSERVICE ? | 1094 | buffer_put_cstring(&b, authctxt->method->name); |
1105 | "ssh-userauth" : | 1095 | buffer_put_char(&b, have_sig); |
1106 | authctxt->service); | 1096 | buffer_put_cstring(&b, key_sign_encode(id->key)); |
1107 | if (datafellows & SSH_BUG_PKAUTH) { | ||
1108 | buffer_put_char(&b, have_sig); | ||
1109 | } else { | ||
1110 | buffer_put_cstring(&b, authctxt->method->name); | ||
1111 | buffer_put_char(&b, have_sig); | ||
1112 | buffer_put_cstring(&b, key_sign_encode(id->key)); | ||
1113 | } | ||
1114 | buffer_put_string(&b, blob, bloblen); | 1097 | buffer_put_string(&b, blob, bloblen); |
1115 | 1098 | ||
1116 | /* | 1099 | /* |
@@ -1170,19 +1153,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1170 | #ifdef DEBUG_PK | 1153 | #ifdef DEBUG_PK |
1171 | buffer_dump(&b); | 1154 | buffer_dump(&b); |
1172 | #endif | 1155 | #endif |
1173 | if (datafellows & SSH_BUG_PKSERVICE) { | ||
1174 | buffer_clear(&b); | ||
1175 | buffer_append(&b, session_id2, session_id2_len); | ||
1176 | skip = session_id2_len; | ||
1177 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | ||
1178 | buffer_put_cstring(&b, authctxt->server_user); | ||
1179 | buffer_put_cstring(&b, authctxt->service); | ||
1180 | buffer_put_cstring(&b, authctxt->method->name); | ||
1181 | buffer_put_char(&b, have_sig); | ||
1182 | if (!(datafellows & SSH_BUG_PKAUTH)) | ||
1183 | buffer_put_cstring(&b, key_ssh_name(id->key)); | ||
1184 | buffer_put_string(&b, blob, bloblen); | ||
1185 | } | ||
1186 | free(blob); | 1156 | free(blob); |
1187 | 1157 | ||
1188 | /* append signature */ | 1158 | /* append signature */ |
@@ -1224,8 +1194,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1224 | packet_put_cstring(authctxt->service); | 1194 | packet_put_cstring(authctxt->service); |
1225 | packet_put_cstring(authctxt->method->name); | 1195 | packet_put_cstring(authctxt->method->name); |
1226 | packet_put_char(have_sig); | 1196 | packet_put_char(have_sig); |
1227 | if (!(datafellows & SSH_BUG_PKAUTH)) | 1197 | packet_put_cstring(key_sign_encode(id->key)); |
1228 | packet_put_cstring(key_sign_encode(id->key)); | ||
1229 | packet_put_string(blob, bloblen); | 1198 | packet_put_string(blob, bloblen); |
1230 | free(blob); | 1199 | free(blob); |
1231 | packet_send(); | 1200 | packet_send(); |
@@ -1741,7 +1710,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
1741 | struct ssh *ssh = active_state; | 1710 | struct ssh *ssh = active_state; |
1742 | struct sshkey *private = NULL; | 1711 | struct sshkey *private = NULL; |
1743 | struct sshbuf *b = NULL; | 1712 | struct sshbuf *b = NULL; |
1744 | const char *service; | ||
1745 | u_char *sig = NULL, *keyblob = NULL; | 1713 | u_char *sig = NULL, *keyblob = NULL; |
1746 | char *fp = NULL, *chost = NULL, *lname = NULL; | 1714 | char *fp = NULL, *chost = NULL, *lname = NULL; |
1747 | size_t siglen = 0, keylen = 0; | 1715 | size_t siglen = 0, keylen = 0; |
@@ -1812,9 +1780,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
1812 | xasprintf(&chost, "%s.", lname); | 1780 | xasprintf(&chost, "%s.", lname); |
1813 | debug2("%s: chost %s", __func__, chost); | 1781 | debug2("%s: chost %s", __func__, chost); |
1814 | 1782 | ||
1815 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | ||
1816 | authctxt->service; | ||
1817 | |||
1818 | /* construct data */ | 1783 | /* construct data */ |
1819 | if ((b = sshbuf_new()) == NULL) { | 1784 | if ((b = sshbuf_new()) == NULL) { |
1820 | error("%s: sshbuf_new failed", __func__); | 1785 | error("%s: sshbuf_new failed", __func__); |
@@ -1827,7 +1792,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
1827 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || | 1792 | if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || |
1828 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || | 1793 | (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || |
1829 | (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || | 1794 | (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || |
1830 | (r = sshbuf_put_cstring(b, service)) != 0 || | 1795 | (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || |
1831 | (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || | 1796 | (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || |
1832 | (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || | 1797 | (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || |
1833 | (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || | 1798 | (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || |