version 1.79, 2018/06/06 18:29:18 |
version 1.80, 2018/07/03 11:39:54 |
|
|
pktype = sshkey_type_from_name(pkalg); |
pktype = sshkey_type_from_name(pkalg); |
if (pktype == KEY_UNSPEC) { |
if (pktype == KEY_UNSPEC) { |
/* this is perfectly legal */ |
/* this is perfectly legal */ |
logit("%s: unsupported public key algorithm: %s", |
verbose("%s: unsupported public key algorithm: %s", |
__func__, pkalg); |
__func__, pkalg); |
goto done; |
goto done; |
} |
} |
|
|
logit("refusing previously-used %s key", sshkey_type(key)); |
logit("refusing previously-used %s key", sshkey_type(key)); |
goto done; |
goto done; |
} |
} |
if (match_pattern_list(sshkey_ssh_name(key), |
if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) { |
options.pubkey_key_types, 0) != 1) { |
|
logit("%s: key type %s not in PubkeyAcceptedKeyTypes", |
logit("%s: key type %s not in PubkeyAcceptedKeyTypes", |
__func__, sshkey_ssh_name(key)); |
__func__, sshkey_ssh_name(key)); |
goto done; |
goto done; |
|
|
/* test for correct signature */ |
/* test for correct signature */ |
authenticated = 0; |
authenticated = 0; |
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && |
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && |
PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), |
PRIVSEP(sshkey_verify(key, sig, slen, |
sshbuf_len(b), NULL, ssh->compat)) == 0) { |
sshbuf_ptr(b), sshbuf_len(b), |
|
(ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, |
|
ssh->compat)) == 0) { |
authenticated = 1; |
authenticated = 1; |
} |
} |
sshbuf_free(b); |
sshbuf_free(b); |
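Review bot: The rejection message in the second hunk still prints `sshkey_ssh_name(key)` although the allow-list test now matches on `pkalg`, so when the requested signature algorithm differs from the key's type name the log names a value that was not the one refused. Printing the tested value, `__func__, pkalg);`, keeps the log usable for auditing PubkeyAcceptedKeyTypes rejections. In the third hunk, peers with `SSH_BUG_SIGTYPE` set still get `NULL` as the algorithm argument to `sshkey_verify`, which presumably means the signature's own algorithm is not tied to the `pkalg` that passed the allow-list. A comment above that argument would record that this is deliberate, for example `/* SSH_BUG_SIGTYPE peers: signature algorithm is not checked against pkalg */`. The enclosing function starts and ends outside the visible hunks, so both points should be confirmed against the full file.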