version 1.95, 2019/11/25 00:51:37 |
version 1.96, 2019/11/25 00:52:46 |
|
|
#include "ssherr.h" |
#include "ssherr.h" |
#include "channels.h" /* XXX for session.h */ |
#include "channels.h" /* XXX for session.h */ |
#include "session.h" /* XXX for child_set_env(); refactor? */ |
#include "session.h" /* XXX for child_set_env(); refactor? */ |
|
#include "sk-api.h" |
|
|
/* import */ |
/* import */ |
extern ServerOptions options; |
extern ServerOptions options; |
|
|
u_char *pkblob = NULL, *sig = NULL, have_sig; |
u_char *pkblob = NULL, *sig = NULL, have_sig; |
size_t blen, slen; |
size_t blen, slen; |
int r, pktype; |
int r, pktype; |
int authenticated = 0; |
int req_presence = 0, authenticated = 0; |
struct sshauthopt *authopts = NULL; |
struct sshauthopt *authopts = NULL; |
struct sshkey_sig_details *sig_details = NULL; |
struct sshkey_sig_details *sig_details = NULL; |
|
|
|
|
ssh->compat, &sig_details)) == 0) { |
ssh->compat, &sig_details)) == 0) { |
authenticated = 1; |
authenticated = 1; |
} |
} |
if (sig_details != NULL) { |
if (authenticated == 1 && sig_details != NULL) { |
|
auth2_record_info(authctxt, "signature count = %u", |
|
sig_details->sk_counter); |
debug("%s: sk_counter = %u, sk_flags = 0x%02x", |
debug("%s: sk_counter = %u, sk_flags = 0x%02x", |
__func__, sig_details->sk_counter, |
__func__, sig_details->sk_counter, |
sig_details->sk_flags); |
sig_details->sk_flags); |
|
req_presence = (options.pubkey_auth_options & |
|
PUBKEYAUTH_TOUCH_REQUIRED); |
|
if (req_presence && (sig_details->sk_flags & |
|
SSH_SK_USER_PRESENCE_REQD) == 0) { |
|
error("public key %s signature for %s%s from " |
|
"%.128s port %d rejected: user presence " |
|
"(key touch) requirement not met ", key_s, |
|
authctxt->valid ? "" : "invalid user ", |
|
authctxt->user, ssh_remote_ipaddr(ssh), |
|
ssh_remote_port(ssh)); |
|
authenticated = 0; |
|
goto done; |
|
} |
} |
} |
auth2_record_key(authctxt, authenticated, key); |
auth2_record_key(authctxt, authenticated, key); |
} else { |
} else { |
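Review bot: The user-presence check is nested inside `if (authenticated == 1 && sig_details != NULL)`, so when `PUBKEYAUTH_TOUCH_REQUIRED` is set, a verified signature that arrives with `sig_details == NULL` skips the check and stays authenticated. That is the expected path for key types that carry no presence flag. Whether the verify call always fills in `sig_details` for security-key signatures is not visible here, so the code should make that assumption explicit: either add a comment stating the invariant, or reject security-key types when the details are missing while touch is required. The rejection path also jumps to `done` before `auth2_record_key(authctxt, authenticated, key)`, so a touch-policy failure is only visible through the `error()` line; consider clearing `authenticated` and falling through so the failed key is still recorded. As a minor point, the message literal ends with a stray space in `"requirement not met "`; the enclosing function starts and ends outside the lines shown.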