| version 1.72, 2017/12/18 02:25:15 |
version 1.73, 2017/12/19 00:24:34 |
|
|
| extern u_char *session_id2; |
extern u_char *session_id2; |
| extern u_int session_id2_len; |
extern u_int session_id2_len; |
| |
|
| |
static char * |
| |
format_key(const struct sshkey *key) |
| |
{ |
| |
char *ret, *fp = sshkey_fingerprint(key, |
| |
options.fingerprint_hash, SSH_FP_DEFAULT); |
| |
|
| |
xasprintf(&ret, "%s %s", sshkey_type(key), fp); |
| |
free(fp); |
| |
return ret; |
| |
} |
| |
|
| static int |
static int |
| userauth_pubkey(struct ssh *ssh) |
userauth_pubkey(struct ssh *ssh) |
| { |
{ |
| Authctxt *authctxt = ssh->authctxt; |
Authctxt *authctxt = ssh->authctxt; |
| struct sshbuf *b; |
struct sshbuf *b; |
| struct sshkey *key = NULL; |
struct sshkey *key = NULL; |
| char *pkalg, *userstyle = NULL, *fp = NULL; |
char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; |
| u_char *pkblob, *sig, have_sig; |
u_char *pkblob, *sig, have_sig; |
| size_t blen, slen; |
size_t blen, slen; |
| int r, pktype; |
int r, pktype; |
|
|
| "signature scheme"); |
"signature scheme"); |
| goto done; |
goto done; |
| } |
} |
| fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); |
|
| if (auth2_key_already_used(authctxt, key)) { |
if (auth2_key_already_used(authctxt, key)) { |
| logit("refusing previously-used %s key", sshkey_type(key)); |
logit("refusing previously-used %s key", sshkey_type(key)); |
| goto done; |
goto done; |
|
|
| goto done; |
goto done; |
| } |
} |
| |
|
| |
key_s = format_key(key); |
| |
if (sshkey_is_cert(key)) |
| |
ca_s = format_key(key->cert->signature_key); |
| |
|
| if (have_sig) { |
if (have_sig) { |
| debug3("%s: have signature for %s %s", |
debug3("%s: have %s signature for %s%s%s", |
| __func__, sshkey_type(key), fp); |
__func__, pkalg, key_s, |
| |
ca_s == NULL ? "" : " CA ", |
| |
ca_s == NULL ? "" : ca_s); |
| if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 || |
if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 || |
| (r = sshpkt_get_end(ssh)) != 0) |
(r = sshpkt_get_end(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal("%s: %s", __func__, ssh_err(r)); |
|
|
| free(sig); |
free(sig); |
| auth2_record_key(authctxt, authenticated, key); |
auth2_record_key(authctxt, authenticated, key); |
| } else { |
} else { |
| debug("%s: test whether pkalg/pkblob are acceptable for %s %s", |
debug("%s: test pkalg %s pkblob %s%s%s", |
| __func__, sshkey_type(key), fp); |
__func__, pkalg, key_s, |
| |
ca_s == NULL ? "" : " CA ", |
| |
ca_s == NULL ? "" : ca_s); |
| |
|
| if ((r = sshpkt_get_end(ssh)) != 0) |
if ((r = sshpkt_get_end(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal("%s: %s", __func__, ssh_err(r)); |
| |
|
|
|
| free(userstyle); |
free(userstyle); |
| free(pkalg); |
free(pkalg); |
| free(pkblob); |
free(pkblob); |
| free(fp); |
free(key_s); |
| |
free(ca_s); |
| return authenticated; |
return authenticated; |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2-pubkey.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh