version 1.187, 2018/09/13 02:08:33 |
version 1.188, 2018/11/16 02:43:56 |
|
|
return (authok != 0); |
return (authok != 0); |
} |
} |
|
|
|
/* |
|
* Check that the key type appears in the supplied pattern list, ignoring |
|
* mismatches in the signature algorithm. (Signature algorithm checks are |
|
* performed in the unprivileged authentication code). |
|
* Returns 1 on success, 0 otherwise. |
|
*/ |
|
static int |
|
key_base_type_match(const char *method, const struct sshkey *key, |
|
const char *list) |
|
{ |
|
char *s, *l, *ol = xstrdup(list); |
|
int found = 0; |
|
|
|
l = ol; |
|
for ((s = strsep(&l, ",")); s && *s != '\0'; (s = strsep(&l, ","))) { |
|
if (sshkey_type_from_name(s) == key->type) { |
|
found = 1; |
|
break; |
|
} |
|
} |
|
if (!found) { |
|
error("%s key type %s is not in permitted list %s", method, |
|
sshkey_ssh_name(key), list); |
|
} |
|
|
|
free(ol); |
|
return found; |
|
} |
|
|
int |
int |
mm_answer_keyallowed(int sock, struct sshbuf *m) |
mm_answer_keyallowed(int sock, struct sshbuf *m) |
{ |
{ |
|
|
break; |
break; |
if (auth2_key_already_used(authctxt, key)) |
if (auth2_key_already_used(authctxt, key)) |
break; |
break; |
if (match_pattern_list(sshkey_ssh_name(key), |
if (!key_base_type_match(auth_method, key, |
options.pubkey_key_types, 0) != 1) |
options.pubkey_key_types)) |
break; |
break; |
allowed = user_key_allowed(ssh, authctxt->pw, key, |
allowed = user_key_allowed(ssh, authctxt->pw, key, |
pubkey_auth_attempt, &opts); |
pubkey_auth_attempt, &opts); |
|
|
break; |
break; |
if (auth2_key_already_used(authctxt, key)) |
if (auth2_key_already_used(authctxt, key)) |
break; |
break; |
if (match_pattern_list(sshkey_ssh_name(key), |
if (!key_base_type_match(auth_method, key, |
options.hostbased_key_types, 0) != 1) |
options.hostbased_key_types)) |
break; |
break; |
allowed = hostbased_key_allowed(authctxt->pw, |
allowed = hostbased_key_allowed(authctxt->pw, |
cuser, chost, key); |
cuser, chost, key); |
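Review bot: key_base_type_match() tests each list entry with `sshkey_type_from_name(s) == key->type`, an exact name lookup, whereas the two calls it replaces in mm_answer_keyallowed() (whose body is only partly visible here) went through `match_pattern_list()`. If `options.pubkey_key_types` or `options.hostbased_key_types` can still hold wildcard or negated entries when they reach the monitor, those entries never match now and the key is refused with only the "is not in permitted list" error. The loop condition `s && *s != '\0'` also stops at the first empty element, so anything after a stray `,,` is ignored. Both cases fail closed, but the header comment should state the contract, e.g. `* The list must hold literal key type names; patterns are not expanded here.` Separately, the comment says signature algorithm checks happen only in the unprivileged code, so the privileged side now enforces the base key type alone; the verify handler is outside this diff, and it is worth confirming there that an algorithm the list excludes cannot be accepted if the unprivileged process misbehaves.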