| version 1.82, 2018/07/11 18:55:11 |
version 1.83, 2018/07/31 03:10:27 |
|
|
| { |
{ |
| Authctxt *authctxt = ssh->authctxt; |
Authctxt *authctxt = ssh->authctxt; |
| struct passwd *pw = authctxt->pw; |
struct passwd *pw = authctxt->pw; |
| struct sshbuf *b; |
struct sshbuf *b = NULL; |
| struct sshkey *key = NULL; |
struct sshkey *key = NULL; |
| char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; |
char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; |
| u_char *pkblob, *sig, have_sig; |
u_char *pkblob = NULL, *sig = NULL, have_sig; |
| size_t blen, slen; |
size_t blen, slen; |
| int r, pktype; |
int r, pktype; |
| int authenticated = 0; |
int authenticated = 0; |
| struct sshauthopt *authopts = NULL; |
struct sshauthopt *authopts = NULL; |
| |
|
| if (!authctxt->valid) { |
|
| debug2("%s: disabled because of invalid user", __func__); |
|
| return 0; |
|
| } |
|
| if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || |
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || |
| (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || |
(r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || |
| (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) |
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) |
|
|
| fatal("%s: sshbuf_put_string session id: %s", |
fatal("%s: sshbuf_put_string session id: %s", |
| __func__, ssh_err(r)); |
__func__, ssh_err(r)); |
| } |
} |
| |
if (!authctxt->valid || authctxt->user == NULL) { |
| |
debug2("%s: disabled because of invalid user", |
| |
__func__); |
| |
goto done; |
| |
} |
| /* reconstruct packet */ |
/* reconstruct packet */ |
| xasprintf(&userstyle, "%s%s%s", authctxt->user, |
xasprintf(&userstyle, "%s%s%s", authctxt->user, |
| authctxt->style ? ":" : "", |
authctxt->style ? ":" : "", |
|
|
| #ifdef DEBUG_PK |
#ifdef DEBUG_PK |
| sshbuf_dump(b, stderr); |
sshbuf_dump(b, stderr); |
| #endif |
#endif |
| |
|
| /* test for correct signature */ |
/* test for correct signature */ |
| authenticated = 0; |
authenticated = 0; |
| if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && |
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && |
|
|
| authenticated = 1; |
authenticated = 1; |
| } |
} |
| sshbuf_free(b); |
sshbuf_free(b); |
| free(sig); |
|
| auth2_record_key(authctxt, authenticated, key); |
auth2_record_key(authctxt, authenticated, key); |
| } else { |
} else { |
| debug("%s: test pkalg %s pkblob %s%s%s", |
debug("%s: test pkalg %s pkblob %s%s%s", |
|
|
| if ((r = sshpkt_get_end(ssh)) != 0) |
if ((r = sshpkt_get_end(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal("%s: %s", __func__, ssh_err(r)); |
| |
|
| |
if (!authctxt->valid || authctxt->user == NULL) { |
| |
debug2("%s: disabled because of invalid user", |
| |
__func__); |
| |
goto done; |
| |
} |
| /* XXX fake reply and always send PK_OK ? */ |
/* XXX fake reply and always send PK_OK ? */ |
| /* |
/* |
| * XXX this allows testing whether a user is allowed |
* XXX this allows testing whether a user is allowed |
|
|
| free(pkblob); |
free(pkblob); |
| free(key_s); |
free(key_s); |
| free(ca_s); |
free(ca_s); |
| |
free(sig); |
| return authenticated; |
return authenticated; |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2-pubkey.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh