version 1.213, 2020/08/27 01:06:18 |
version 1.214, 2020/08/27 01:07:09 |
|
|
const u_char *signature, *data, *blob; |
const u_char *signature, *data, *blob; |
char *sigalg = NULL, *fp = NULL; |
char *sigalg = NULL, *fp = NULL; |
size_t signaturelen, datalen, bloblen; |
size_t signaturelen, datalen, bloblen; |
int r, ret, req_presence = 0, valid_data = 0, encoded_ret; |
int r, ret, req_presence = 0, req_verify = 0, valid_data = 0; |
|
int encoded_ret; |
struct sshkey_sig_details *sig_details = NULL; |
struct sshkey_sig_details *sig_details = NULL; |
|
|
if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 || |
if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 || |
|
|
"port %d rejected: user presence " |
"port %d rejected: user presence " |
"(authenticator touch) requirement not met ", |
"(authenticator touch) requirement not met ", |
sshkey_type(key), fp, |
sshkey_type(key), fp, |
|
authctxt->valid ? "" : "invalid user ", |
|
authctxt->user, ssh_remote_ipaddr(ssh), |
|
ssh_remote_port(ssh)); |
|
ret = SSH_ERR_SIGNATURE_INVALID; |
|
} |
|
req_verify = (options.pubkey_auth_options & |
|
PUBKEYAUTH_VERIFY_REQUIRED) || key_opts->require_verify; |
|
if (req_verify && |
|
(sig_details->sk_flags & SSH_SK_USER_VERIFICATION_REQD) == 0) { |
|
error("public key %s %s signature for %s%s from %.128s " |
|
"port %d rejected: user verification requirement " |
|
"not met ", sshkey_type(key), fp, |
authctxt->valid ? "" : "invalid user ", |
authctxt->valid ? "" : "invalid user ", |
authctxt->user, ssh_remote_ipaddr(ssh), |
authctxt->user, ssh_remote_ipaddr(ssh), |
ssh_remote_port(ssh)); |
ssh_remote_port(ssh)); |