version 1.136, 2014/12/22 07:51:30 |
version 1.137, 2015/01/13 07:39:19 |
|
|
#include "ssh2.h" |
#include "ssh2.h" |
#include "roaming.h" |
#include "roaming.h" |
#include "authfd.h" |
#include "authfd.h" |
|
#include "match.h" |
|
|
#ifdef GSSAPI |
#ifdef GSSAPI |
static Gssctxt *gsscontext = NULL; |
static Gssctxt *gsscontext = NULL; |
|
|
debug3("%s: key_from_blob: %p", __func__, key); |
debug3("%s: key_from_blob: %p", __func__, key); |
|
|
if (key != NULL && authctxt->valid) { |
if (key != NULL && authctxt->valid) { |
|
/* These should not make it past the privsep child */ |
|
if (key_type_plain(key->type) == KEY_RSA && |
|
(datafellows & SSH_BUG_RSASIGMD5) != 0) |
|
fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); |
|
|
switch (type) { |
switch (type) { |
case MM_USERKEY: |
case MM_USERKEY: |
allowed = options.pubkey_authentication && |
allowed = options.pubkey_authentication && |
!auth2_userkey_already_used(authctxt, key) && |
!auth2_userkey_already_used(authctxt, key) && |
|
match_pattern_list(sshkey_ssh_name(key), |
|
options.pubkey_key_types, |
|
strlen(options.pubkey_key_types), 0) == 1 && |
user_key_allowed(authctxt->pw, key); |
user_key_allowed(authctxt->pw, key); |
pubkey_auth_info(authctxt, key, NULL); |
pubkey_auth_info(authctxt, key, NULL); |
auth_method = "publickey"; |
auth_method = "publickey"; |
|
|
break; |
break; |
case MM_HOSTKEY: |
case MM_HOSTKEY: |
allowed = options.hostbased_authentication && |
allowed = options.hostbased_authentication && |
|
match_pattern_list(sshkey_ssh_name(key), |
|
options.hostbased_key_types, |
|
strlen(options.hostbased_key_types), 0) == 1 && |
hostbased_key_allowed(authctxt->pw, |
hostbased_key_allowed(authctxt->pw, |
cuser, chost, key); |
cuser, chost, key); |
pubkey_auth_info(authctxt, key, |
pubkey_auth_info(authctxt, key, |