version 1.370, 2023/12/18 14:45:17 |
version 1.371, 2023/12/18 14:45:49 |
|
|
authctxt.mech_tried = 0; |
authctxt.mech_tried = 0; |
#endif |
#endif |
authctxt.agent_fd = -1; |
authctxt.agent_fd = -1; |
pubkey_prepare(ssh, &authctxt); |
if (authctxt.method == NULL) |
if (authctxt.method == NULL) { |
|
fatal_f("internal error: cannot send userauth none request"); |
fatal_f("internal error: cannot send userauth none request"); |
} |
|
|
|
if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || |
if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || |
(r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || |
(r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || |
|
|
/* initial userauth request */ |
/* initial userauth request */ |
userauth_none(ssh); |
userauth_none(ssh); |
|
|
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); |
/* accept EXT_INFO at any time during userauth */ |
|
ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, ssh->kex->ext_info_s ? |
|
&kex_input_ext_info : &input_userauth_error); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); |
|
|
struct identity *id, *id2, *tmp; |
struct identity *id, *id2, *tmp; |
struct idlist agent, files, *preferred; |
struct idlist agent, files, *preferred; |
struct sshkey *key; |
struct sshkey *key; |
int agent_fd = -1, i, r, found; |
int disallowed, agent_fd = -1, i, r, found; |
size_t j; |
size_t j; |
struct ssh_identitylist *idlist; |
struct ssh_identitylist *idlist; |
char *ident; |
char *cp, *ident; |
|
|
TAILQ_INIT(&agent); /* keys from the agent */ |
TAILQ_INIT(&agent); /* keys from the agent */ |
TAILQ_INIT(&files); /* keys from the config file */ |
TAILQ_INIT(&files); /* keys from the config file */ |
|
|
TAILQ_CONCAT(preferred, &files, next); |
TAILQ_CONCAT(preferred, &files, next); |
/* finally, filter by PubkeyAcceptedAlgorithms */ |
/* finally, filter by PubkeyAcceptedAlgorithms */ |
TAILQ_FOREACH_SAFE(id, preferred, next, id2) { |
TAILQ_FOREACH_SAFE(id, preferred, next, id2) { |
if (id->key != NULL && !key_type_allowed_by_config(id->key)) { |
disallowed = 0; |
debug("Skipping %s key %s - " |
cp = NULL; |
"corresponding algo not in PubkeyAcceptedAlgorithms", |
if (id->key == NULL) |
sshkey_ssh_name(id->key), id->filename); |
|
TAILQ_REMOVE(preferred, id, next); |
|
sshkey_free(id->key); |
|
free(id->filename); |
|
memset(id, 0, sizeof(*id)); |
|
continue; |
continue; |
|
if (!key_type_allowed_by_config(id->key)) { |
|
debug("Skipping %s key %s - corresponding algorithm " |
|
"not in PubkeyAcceptedAlgorithms", |
|
sshkey_ssh_name(id->key), id->filename); |
|
disallowed = 1; |
|
} else if (ssh->kex->server_sig_algs != NULL && |
|
(cp = key_sig_algorithm(ssh, id->key)) == NULL) { |
|
debug("Skipping %s key %s - corresponding algorithm " |
|
"not supported by server", |
|
sshkey_ssh_name(id->key), id->filename); |
|
disallowed = 1; |
} |
} |
|
free(cp); |
|
if (!disallowed) |
|
continue; |
|
/* remove key */ |
|
TAILQ_REMOVE(preferred, id, next); |
|
sshkey_free(id->key); |
|
free(id->filename); |
|
memset(id, 0, sizeof(*id)); |
} |
} |
/* List the keys we plan on using */ |
/* List the keys we plan on using */ |
TAILQ_FOREACH_SAFE(id, preferred, next, id2) { |
TAILQ_FOREACH_SAFE(id, preferred, next, id2) { |
|
|
Identity *id; |
Identity *id; |
int sent = 0; |
int sent = 0; |
char *ident; |
char *ident; |
|
static int prepared; |
|
|
|
if (!prepared) { |
|
pubkey_prepare(ssh, authctxt); |
|
prepared = 1; |
|
} |
|
|
while ((id = TAILQ_FIRST(&authctxt->keys))) { |
while ((id = TAILQ_FIRST(&authctxt->keys))) { |
if (id->tried++) |
if (id->tried++) |
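Review bot: The `static int prepared;` guard added in the last hunk makes key preparation a once-per-process event rather than a per-authentication one, so a second auth context in the same process would skip `pubkey_prepare()` and presumably iterate an unprepared `authctxt->keys`. Keeping the flag on the context itself, for example a new field checked as `if (!authctxt->keys_prepared)`, ties the state to the object it describes. Deferring the call also means the server-algorithm filter in `pubkey_prepare()` uses whatever `ssh->kex->server_sig_algs` holds at the first public-key attempt. Since the dispatch hunk now accepts EXT_INFO at any time during userauth, a short comment such as `/* key list is filtered once; a later EXT_INFO does not re-filter it */` would record that this is intended. The function's body starts and ends outside the hunk, so the proposed field name and the layout of the auth context are assumptions to confirm.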