From d121f613708c3c9c82465b0788550943a918d5c8 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Sun, 3 Dec 2000 17:00:47 +0000
Subject: 20001204  - (bal) More C functions defined in NeXT that are
 unaccessable without    defining -POSIX.  - (bal) OpenBSD CVS updates:    -
 markus@cvs.openbsd.org 2000/12/03 11:29:04      [compat.c]      remove
 fallback to SSH_BUG_HMAC now that the drafts are updated    -
 markus@cvs.openbsd.org 2000/12/03 11:27:55      [compat.c]      correctly
 match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat    -
 markus@cvs.openbsd.org 2000/12/03 11:15:03      [auth2.c compat.c compat.h
 sshconnect2.c]      support f-secure/ssh.com 2.0.12; ok niels@

---
 auth2.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

(limited to 'auth2.c')

diff --git a/auth2.c b/auth2.c
index 8e8edf920..030e28da1 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $");
 
 #ifdef HAVE_OSF_SIA
 # include <sia.h>
@@ -434,14 +434,27 @@ userauth_pubkey(Authctxt *authctxt)
 		return 0;
 	}
 	have_sig = packet_get_char();
-	pkalg = packet_get_string(&alen);
+	if (datafellows & SSH_BUG_PKAUTH) {
+		debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+		/* no explicit pkalg given */
+		pkblob = packet_get_string(&blen);
+		buffer_init(&b);
+		buffer_append(&b, pkblob, blen);
+		/* so we have to extract the pkalg from the pkblob */
+		pkalg = buffer_get_string(&b, &alen);
+		buffer_free(&b);
+	} else {
+		pkalg = packet_get_string(&alen);
+		pkblob = packet_get_string(&blen);
+	}
 	pktype = key_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
-		log("bad pkalg %s", pkalg);
+		/* this is perfectly legal */
+		log("userauth_pubkey: unsupported public key algorithm: %s", pkalg);
 		xfree(pkalg);
+		xfree(pkblob);
 		return 0;
 	}
-	pkblob = packet_get_string(&blen);
 	key = key_from_blob(pkblob, blen);
 	if (key != NULL) {
 		if (have_sig) {
@@ -457,12 +470,16 @@ userauth_pubkey(Authctxt *authctxt)
 			buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 			buffer_put_cstring(&b, authctxt->user);
 			buffer_put_cstring(&b,
-			    datafellows & SSH_BUG_PUBKEYAUTH ?
+			    datafellows & SSH_BUG_PKSERVICE ?
 			    "ssh-userauth" :
 			    authctxt->service);
-			buffer_put_cstring(&b, "publickey");
-			buffer_put_char(&b, have_sig);
-			buffer_put_cstring(&b, key_ssh_name(key));
+			if (datafellows & SSH_BUG_PKAUTH) {
+				buffer_put_char(&b, have_sig);
+			} else {
+				buffer_put_cstring(&b, "publickey");
+				buffer_put_char(&b, have_sig);
+				buffer_put_cstring(&b, key_ssh_name(key));
+			}
 			buffer_put_string(&b, pkblob, blen);
 #ifdef DEBUG_PK
 			buffer_dump(&b);
-- 
cgit v1.2.3