version 1.64, 2020/08/27 01:06:18 |
version 1.65, 2020/10/18 11:32:02 |
|
|
fail = 0; |
fail = 0; |
|
|
if ((b = sshbuf_from(data, datalen)) == NULL) |
if ((b = sshbuf_from(data, datalen)) == NULL) |
fatal("%s: sshbuf_from failed", __func__); |
fatal_f("sshbuf_from failed"); |
|
|
/* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */ |
/* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */ |
if ((r = sshbuf_get_string(b, NULL, &len)) != 0) |
if ((r = sshbuf_get_string(b, NULL, &len)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse session ID"); |
if (len != 20 && len != 32) |
if (len != 20 && len != 32) |
fail++; |
fail++; |
|
|
if ((r = sshbuf_get_u8(b, &type)) != 0) |
if ((r = sshbuf_get_u8(b, &type)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse type"); |
if (type != SSH2_MSG_USERAUTH_REQUEST) |
if (type != SSH2_MSG_USERAUTH_REQUEST) |
fail++; |
fail++; |
|
|
/* server user */ |
/* server user */ |
if ((r = sshbuf_skip_string(b)) != 0) |
if ((r = sshbuf_skip_string(b)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse user"); |
|
|
/* service */ |
/* service */ |
if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0) |
if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse service"); |
if (strcmp("ssh-connection", p) != 0) |
if (strcmp("ssh-connection", p) != 0) |
fail++; |
fail++; |
free(p); |
free(p); |
|
|
/* method */ |
/* method */ |
if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0) |
if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse method"); |
if (strcmp("hostbased", p) != 0) |
if (strcmp("hostbased", p) != 0) |
fail++; |
fail++; |
free(p); |
free(p); |
|
|
/* pubkey */ |
/* pubkey */ |
if ((r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 || |
if ((r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 || |
(r = sshbuf_get_string(b, &pkblob, &blen)) != 0) |
(r = sshbuf_get_string(b, &pkblob, &blen)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse pk"); |
|
|
pktype = sshkey_type_from_name(pkalg); |
pktype = sshkey_type_from_name(pkalg); |
if (pktype == KEY_UNSPEC) |
if (pktype == KEY_UNSPEC) |
fail++; |
fail++; |
else if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { |
else if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { |
error("%s: bad key blob: %s", __func__, ssh_err(r)); |
error_fr(r, "decode key"); |
fail++; |
fail++; |
} else if (key->type != pktype) |
} else if (key->type != pktype) |
fail++; |
fail++; |
|
|
|
|
/* client host name, handle trailing dot */ |
/* client host name, handle trailing dot */ |
if ((r = sshbuf_get_cstring(b, &p, &len)) != 0) |
if ((r = sshbuf_get_cstring(b, &p, &len)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse hostname"); |
debug2("%s: check expect chost %s got %s", __func__, host, p); |
debug2_f("check expect chost %s got %s", host, p); |
if (strlen(host) != len - 1) |
if (strlen(host) != len - 1) |
fail++; |
fail++; |
else if (p[len - 1] != '.') |
else if (p[len - 1] != '.') |
|
|
|
|
/* local user */ |
/* local user */ |
if ((r = sshbuf_get_cstring(b, &luser, NULL)) != 0) |
if ((r = sshbuf_get_cstring(b, &luser, NULL)) != 0) |
fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse luser"); |
|
|
if (strcmp(pw->pw_name, luser) != 0) |
if (strcmp(pw->pw_name, luser) != 0) |
fail++; |
fail++; |
|
|
fail++; |
fail++; |
sshbuf_free(b); |
sshbuf_free(b); |
|
|
debug3("%s: fail %d", __func__, fail); |
debug3_f("fail %d", fail); |
|
|
if (fail) |
if (fail) |
sshkey_free(key); |
sshkey_free(key); |
|
|
NULL, &key, NULL); |
NULL, &key, NULL); |
close(key_fd[i]); |
close(key_fd[i]); |
if (r != 0) |
if (r != 0) |
debug("parse key %d: %s", i, ssh_err(r)); |
debug_r(r, "parse key %d", i); |
else if (key != NULL) { |
else if (key != NULL) { |
keys[i] = key; |
keys[i] = key; |
found = 1; |
found = 1; |
|
|
if ((b = sshbuf_new()) == NULL) |
if ((b = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __progname); |
fatal("%s: sshbuf_new failed", __progname); |
if (ssh_msg_recv(STDIN_FILENO, b) < 0) |
if (ssh_msg_recv(STDIN_FILENO, b) < 0) |
fatal("ssh_msg_recv failed"); |
fatal("%s: ssh_msg_recv failed", __progname); |
if ((r = sshbuf_get_u8(b, &rver)) != 0) |
if ((r = sshbuf_get_u8(b, &rver)) != 0) |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
fatal_r(r, "%s: buffer error", __progname); |
if (rver != version) |
if (rver != version) |
fatal("bad version: received %d, expected %d", rver, version); |
fatal("%s: bad version: received %d, expected %d", |
|
__progname, rver, version); |
if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) |
if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
fatal_r(r, "%s: buffer error", __progname); |
if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) |
if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) |
fatal("bad fd = %d", fd); |
fatal("%s: bad fd = %d", __progname, fd); |
if ((host = get_local_name(fd)) == NULL) |
if ((host = get_local_name(fd)) == NULL) |
fatal("cannot get local name for fd"); |
fatal("%s: cannot get local name for fd", __progname); |
|
|
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) |
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
fatal_r(r, "%s: buffer error", __progname); |
if (valid_request(pw, host, &key, data, dlen) < 0) |
if (valid_request(pw, host, &key, data, dlen) < 0) |
fatal("not a valid request"); |
fatal("%s: not a valid request", __progname); |
free(host); |
free(host); |
|
|
found = 0; |
found = 0; |
|
|
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, |
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, |
SSH_FP_DEFAULT)) == NULL) |
SSH_FP_DEFAULT)) == NULL) |
fatal("%s: sshkey_fingerprint failed", __progname); |
fatal("%s: sshkey_fingerprint failed", __progname); |
fatal("no matching hostkey found for key %s %s", |
fatal("%s: no matching hostkey found for key %s %s", __progname, |
sshkey_type(key), fp ? fp : ""); |
sshkey_type(key), fp ? fp : ""); |
} |
} |
|
|
if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, |
if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, |
NULL, NULL, NULL, 0)) != 0) |
NULL, NULL, NULL, 0)) != 0) |
fatal("sshkey_sign failed: %s", ssh_err(r)); |
fatal_r(r, "%s: sshkey_sign failed", __progname); |
free(data); |
free(data); |
|
|
/* send reply */ |
/* send reply */ |
sshbuf_reset(b); |
sshbuf_reset(b); |
if ((r = sshbuf_put_string(b, signature, slen)) != 0) |
if ((r = sshbuf_put_string(b, signature, slen)) != 0) |
fatal("%s: buffer error: %s", __progname, ssh_err(r)); |
fatal_r(r, "%s: buffer error", __progname); |
if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) |
if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) |
fatal("ssh_msg_send failed"); |
fatal("%s: ssh_msg_send failed", __progname); |
|
|
return (0); |
return (0); |
} |
} |
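Review bot: The four `fatal_r(r, "%s: buffer error", __progname)` calls in main (after `sshbuf_get_u8(b, &rver)`, `sshbuf_get_u32(b, (u_int *)&fd)`, `sshbuf_get_string(b, &data, &dlen)` and `sshbuf_put_string(b, signature, slen)`) all emit identical text, so a failing decode cannot be told apart in the log, whereas the same conversion in valid_request gives each step its own message (`"parse session ID"`, `"parse type"`, `"parse pk"`, ...). Naming the field in main as well, e.g. `fatal_r(r, "%s: parse version", __progname);` and `fatal_r(r, "%s: parse fd", __progname);`, would keep the two functions consistent and make the setuid helper's failure reports actionable. The `fp ? fp : ""` in the rewritten "no matching hostkey found" call is also redundant on the new side, since the sshkey_fingerprint check immediately above already calls fatal when fp is NULL. The bodies of valid_request and main both begin outside the hunks shown here, so the surrounding control flow (including what happens to key after the `if (fail) sshkey_free(key);` branch) cannot be confirmed from this section.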