version 1.43, 2014/12/21 22:27:56 |
version 1.44, 2014/12/22 07:51:30 |
|
|
#include <string.h> |
#include <string.h> |
#include <time.h> |
#include <time.h> |
#include <unistd.h> |
#include <unistd.h> |
|
#include <limits.h> |
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "ssh.h" |
#include "ssh.h" |
|
|
"signature scheme"); |
"signature scheme"); |
goto done; |
goto done; |
} |
} |
|
if (auth2_userkey_already_used(authctxt, key)) { |
|
logit("refusing previously-used %s key", key_type(key)); |
|
goto done; |
|
} |
if (have_sig) { |
if (have_sig) { |
sig = packet_get_string(&slen); |
sig = packet_get_string(&slen); |
packet_check_eom(); |
packet_check_eom(); |
|
|
authenticated = 0; |
authenticated = 0; |
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && |
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && |
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), |
PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), |
buffer_len(&b))) == 1) |
buffer_len(&b))) == 1) { |
authenticated = 1; |
authenticated = 1; |
|
/* Record the successful key to prevent reuse */ |
|
auth2_record_userkey(authctxt, key); |
|
key = NULL; /* Don't free below */ |
|
} |
buffer_free(&b); |
buffer_free(&b); |
free(sig); |
free(sig); |
} else { |
} else { |
|
|
} |
} |
|
|
return success; |
return success; |
|
} |
|
|
|
/* Records a public key in the list of previously-successful keys */ |
|
void |
|
auth2_record_userkey(Authctxt *authctxt, struct sshkey *key) |
|
{ |
|
struct sshkey **tmp; |
|
|
|
if (authctxt->nprev_userkeys >= INT_MAX || |
|
(tmp = reallocarray(authctxt->prev_userkeys, |
|
authctxt->nprev_userkeys + 1, sizeof(*tmp))) == NULL) |
|
fatal("%s: reallocarray failed", __func__); |
|
authctxt->prev_userkeys = tmp; |
|
authctxt->prev_userkeys[authctxt->nprev_userkeys] = key; |
|
authctxt->nprev_userkeys++; |
|
} |
|
|
|
/* Checks whether a key has already been used successfully for authentication */ |
|
int |
|
auth2_userkey_already_used(Authctxt *authctxt, struct sshkey *key) |
|
{ |
|
u_int i; |
|
|
|
for (i = 0; i < authctxt->nprev_userkeys; i++) { |
|
if (sshkey_equal_public(key, authctxt->prev_userkeys[i])) { |
|
return 1; |
|
} |
|
} |
|
return 0; |
} |
} |
|
|
Authmethod method_pubkey = { |
Authmethod method_pubkey = { |