
Diff for /src/usr.bin/ssh/auth2-pubkey.c between version 1.115 and 1.116

version 1.115, 2022/05/27 05:02:46 version 1.116, 2022/06/15 16:08:25
Line 95 
Line 95 
         int req_presence = 0, req_verify = 0, authenticated = 0;          int req_presence = 0, req_verify = 0, authenticated = 0;
         struct sshauthopt *authopts = NULL;          struct sshauthopt *authopts = NULL;
         struct sshkey_sig_details *sig_details = NULL;          struct sshkey_sig_details *sig_details = NULL;
         const char *remote_ip = ssh_remote_ipaddr(ssh);  
         const char *remote_host = auth_get_canonical_hostname(ssh,  
             options.use_dns);  
   
         hostbound = strcmp(method, "publickey-hostbound-v00@openssh.com") == 0;          hostbound = strcmp(method, "publickey-hostbound-v00@openssh.com") == 0;
   
Line 220 
Line 217 
 #endif  #endif
                 /* test for correct signature */                  /* test for correct signature */
                 authenticated = 0;                  authenticated = 0;
                 if (PRIVSEP(user_key_allowed(pw, key, 1, remote_ip,                  if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
                     remote_host, &authopts)) &&  
                     PRIVSEP(sshkey_verify(key, sig, slen,                      PRIVSEP(sshkey_verify(key, sig, slen,
                     sshbuf_ptr(b), sshbuf_len(b),                      sshbuf_ptr(b), sshbuf_len(b),
                     (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,                      (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
Line 283 
Line 279 
                  * if a user is not allowed to login. is this an                   * if a user is not allowed to login. is this an
                  * issue? -markus                   * issue? -markus
                  */                   */
                 if (PRIVSEP(user_key_allowed(pw, key, 0, remote_ip,                  if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) {
                     remote_host, NULL))) {  
                         if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))                          if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK))
                             != 0 ||                              != 0 ||
                             (r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||                              (r = sshpkt_put_cstring(ssh, pkalg)) != 0 ||
Line 748 
Line 743 
  * Check whether key authenticates and authorises the user.   * Check whether key authenticates and authorises the user.
  */   */
 int  int
 user_key_allowed(struct passwd *pw, struct sshkey *key,  user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
     int auth_attempt, const char *remote_ip, const char *remote_host,      int auth_attempt, struct sshauthopt **authoptsp)
     struct sshauthopt **authoptsp)  
 {  {
         u_int success = 0, i;          u_int success = 0, i;
         char *file;          char *file;
         struct sshauthopt *opts = NULL;          struct sshauthopt *opts = NULL;
           const char *remote_ip = ssh_remote_ipaddr(ssh);
           const char *remote_host = auth_get_canonical_hostname(ssh,
               options.use_dns);
   
         if (authoptsp != NULL)          if (authoptsp != NULL)
                 *authoptsp = NULL;                  *authoptsp = NULL;
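Review bot: The header comment above `user_key_allowed()` (hunk at Line 743) still reads only "Check whether key authenticates and authorises the user", and does not record that the function now derives `remote_ip` and `remote_host` itself from the new `ssh` argument. Both call sites reach it through `PRIVSEP(...)`, so the hostname lookup governed by `options.use_dns` presumably now runs on the privileged side of that boundary rather than in the caller; this is inferred from the moved lines, not shown on the page. I would add a comment at the new declarations, for example `/* Resolve peer address/hostname here, not in the caller: callers reach this via PRIVSEP() */`, so a later refactor does not hoist the lookup back out. The function body continues past the end of the hunk, so how `remote_host` is consumed afterwards is not visible here.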
