version 1.69, 2021/11/13 17:26:13 |
version 1.70, 2022/01/06 22:00:18 |
|
|
extern char *__progname; |
extern char *__progname; |
|
|
static int |
static int |
valid_request(struct passwd *pw, char *host, struct sshkey **ret, |
valid_request(struct passwd *pw, char *host, struct sshkey **ret, char **pkalgp, |
u_char *data, size_t datalen) |
u_char *data, size_t datalen) |
{ |
{ |
struct sshbuf *b; |
struct sshbuf *b; |
|
|
|
|
if (ret != NULL) |
if (ret != NULL) |
*ret = NULL; |
*ret = NULL; |
|
if (pkalgp != NULL) |
|
*pkalgp = NULL; |
fail = 0; |
fail = 0; |
|
|
if ((b = sshbuf_from(data, datalen)) == NULL) |
if ((b = sshbuf_from(data, datalen)) == NULL) |
|
|
fail++; |
fail++; |
} else if (key->type != pktype) |
} else if (key->type != pktype) |
fail++; |
fail++; |
free(pkalg); |
|
free(pkblob); |
|
|
|
/* client host name, handle trailing dot */ |
/* client host name, handle trailing dot */ |
if ((r = sshbuf_get_cstring(b, &p, &len)) != 0) |
if ((r = sshbuf_get_cstring(b, &p, &len)) != 0) |
|
|
|
|
if (fail) |
if (fail) |
sshkey_free(key); |
sshkey_free(key); |
else if (ret != NULL) |
else { |
*ret = key; |
if (ret != NULL) { |
|
*ret = key; |
|
key = NULL; |
|
} |
|
if (pkalgp != NULL) { |
|
*pkalgp = pkalg; |
|
pkalg = NULL; |
|
} |
|
} |
|
sshkey_free(key); |
|
free(pkalg); |
|
free(pkblob); |
|
|
return (fail ? -1 : 0); |
return (fail ? -1 : 0); |
} |
} |
|
|
struct passwd *pw; |
struct passwd *pw; |
int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd; |
int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd; |
u_char *signature, *data, rver; |
u_char *signature, *data, rver; |
char *host, *fp; |
char *host, *fp, *pkalg; |
size_t slen, dlen; |
size_t slen, dlen; |
|
|
if (pledge("stdio rpath getpw dns id", NULL) != 0) |
if (pledge("stdio rpath getpw dns id", NULL) != 0) |
|
|
|
|
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) |
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) |
fatal_r(r, "%s: buffer error", __progname); |
fatal_r(r, "%s: buffer error", __progname); |
if (valid_request(pw, host, &key, data, dlen) < 0) |
if (valid_request(pw, host, &key, &pkalg, data, dlen) < 0) |
fatal("%s: not a valid request", __progname); |
fatal("%s: not a valid request", __progname); |
free(host); |
free(host); |
|
|
|
|
} |
} |
|
|
if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, |
if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, |
NULL, NULL, NULL, 0)) != 0) |
pkalg, NULL, NULL, 0)) != 0) |
fatal_r(r, "%s: sshkey_sign failed", __progname); |
fatal_r(r, "%s: sshkey_sign failed", __progname); |
free(data); |
free(data); |
|
|