version 1.115, 2022/05/27 05:02:46 |
version 1.116, 2022/06/15 16:08:25 |
|
|
int req_presence = 0, req_verify = 0, authenticated = 0; |
int req_presence = 0, req_verify = 0, authenticated = 0; |
struct sshauthopt *authopts = NULL; |
struct sshauthopt *authopts = NULL; |
struct sshkey_sig_details *sig_details = NULL; |
struct sshkey_sig_details *sig_details = NULL; |
const char *remote_ip = ssh_remote_ipaddr(ssh); |
|
const char *remote_host = auth_get_canonical_hostname(ssh, |
|
options.use_dns); |
|
|
|
hostbound = strcmp(method, "publickey-hostbound-v00@openssh.com") == 0; |
hostbound = strcmp(method, "publickey-hostbound-v00@openssh.com") == 0; |
|
|
|
|
#endif |
#endif |
/* test for correct signature */ |
/* test for correct signature */ |
authenticated = 0; |
authenticated = 0; |
if (PRIVSEP(user_key_allowed(pw, key, 1, remote_ip, |
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && |
remote_host, &authopts)) && |
|
PRIVSEP(sshkey_verify(key, sig, slen, |
PRIVSEP(sshkey_verify(key, sig, slen, |
sshbuf_ptr(b), sshbuf_len(b), |
sshbuf_ptr(b), sshbuf_len(b), |
(ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, |
(ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, |
|
|
* if a user is not allowed to login. is this an |
* if a user is not allowed to login. is this an |
* issue? -markus |
* issue? -markus |
*/ |
*/ |
if (PRIVSEP(user_key_allowed(pw, key, 0, remote_ip, |
if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) { |
remote_host, NULL))) { |
|
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK)) |
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK)) |
!= 0 || |
!= 0 || |
(r = sshpkt_put_cstring(ssh, pkalg)) != 0 || |
(r = sshpkt_put_cstring(ssh, pkalg)) != 0 || |
|
|
* Check whether key authenticates and authorises the user. |
* Check whether key authenticates and authorises the user. |
*/ |
*/ |
int |
int |
user_key_allowed(struct passwd *pw, struct sshkey *key, |
user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, |
int auth_attempt, const char *remote_ip, const char *remote_host, |
int auth_attempt, struct sshauthopt **authoptsp) |
struct sshauthopt **authoptsp) |
|
{ |
{ |
u_int success = 0, i; |
u_int success = 0, i; |
char *file; |
char *file; |
struct sshauthopt *opts = NULL; |
struct sshauthopt *opts = NULL; |
|
const char *remote_ip = ssh_remote_ipaddr(ssh); |
|
const char *remote_host = auth_get_canonical_hostname(ssh, |
|
options.use_dns); |
|
|
if (authoptsp != NULL) |
if (authoptsp != NULL) |
*authoptsp = NULL; |
*authoptsp = NULL; |
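Review bot: The header comment on user_key_allowed() still says only that it checks whether the key authenticates and authorises the user, but the function now resolves `remote_ip` and `remote_host` itself from `ssh`, and nothing records why the lookup moved out of userauth_pubkey(). Both call sites in this section reach the function through PRIVSEP(), so the move appears intended to keep the `options.use_dns` hostname lookup out of the caller's process; that is inferred, since neither the wrapper nor the commit message is visible here. I would extend the comment with `* The peer address and, if UseDNS is set, its hostname are resolved here from ssh` and `* rather than passed in, so the lookup runs on this side of the PRIVSEP() call.` The function is called for both the key query (auth_attempt 0) and the signed attempt (auth_attempt 1), so it is worth confirming that auth_get_canonical_hostname() does not repeat the DNS query on each call; the body of user_key_allowed() continues past the end of the section.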