
Diff for /src/usr.bin/ssh/sshconnect2.c between version 1.370 and 1.371

version 1.370, 2023/12/18 14:45:17 version 1.371, 2023/12/18 14:45:49
Line 452 
Line 452 
         authctxt.mech_tried = 0;          authctxt.mech_tried = 0;
 #endif  #endif
         authctxt.agent_fd = -1;          authctxt.agent_fd = -1;
         pubkey_prepare(ssh, &authctxt);          if (authctxt.method == NULL)
         if (authctxt.method == NULL) {  
                 fatal_f("internal error: cannot send userauth none request");                  fatal_f("internal error: cannot send userauth none request");
         }  
   
         if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||          if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
             (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||              (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
Line 514 
Line 512 
         /* initial userauth request */          /* initial userauth request */
         userauth_none(ssh);          userauth_none(ssh);
   
         ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error);          /* accept EXT_INFO at any time during userauth */
           ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, ssh->kex->ext_info_s ?
               &kex_input_ext_info : &input_userauth_error);
         ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);          ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
         ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);          ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure);
         ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);          ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
Line 1671 
Line 1671 
         struct identity *id, *id2, *tmp;          struct identity *id, *id2, *tmp;
         struct idlist agent, files, *preferred;          struct idlist agent, files, *preferred;
         struct sshkey *key;          struct sshkey *key;
         int agent_fd = -1, i, r, found;          int disallowed, agent_fd = -1, i, r, found;
         size_t j;          size_t j;
         struct ssh_identitylist *idlist;          struct ssh_identitylist *idlist;
         char *ident;          char *cp, *ident;
   
         TAILQ_INIT(&agent);     /* keys from the agent */          TAILQ_INIT(&agent);     /* keys from the agent */
         TAILQ_INIT(&files);     /* keys from the config file */          TAILQ_INIT(&files);     /* keys from the config file */
Line 1792 
Line 1792 
         TAILQ_CONCAT(preferred, &files, next);          TAILQ_CONCAT(preferred, &files, next);
         /* finally, filter by PubkeyAcceptedAlgorithms */          /* finally, filter by PubkeyAcceptedAlgorithms */
         TAILQ_FOREACH_SAFE(id, preferred, next, id2) {          TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
                 if (id->key != NULL && !key_type_allowed_by_config(id->key)) {                  disallowed = 0;
                         debug("Skipping %s key %s - "                  cp = NULL;
                             "corresponding algo not in PubkeyAcceptedAlgorithms",                  if (id->key == NULL)
                             sshkey_ssh_name(id->key), id->filename);  
                         TAILQ_REMOVE(preferred, id, next);  
                         sshkey_free(id->key);  
                         free(id->filename);  
                         memset(id, 0, sizeof(*id));  
                         continue;                          continue;
                   if (!key_type_allowed_by_config(id->key)) {
                           debug("Skipping %s key %s - corresponding algorithm "
                               "not in PubkeyAcceptedAlgorithms",
                               sshkey_ssh_name(id->key), id->filename);
                           disallowed = 1;
                   } else if (ssh->kex->server_sig_algs != NULL &&
                       (cp = key_sig_algorithm(ssh, id->key)) == NULL) {
                           debug("Skipping %s key %s - corresponding algorithm "
                               "not supported by server",
                               sshkey_ssh_name(id->key), id->filename);
                           disallowed = 1;
                 }                  }
                   free(cp);
                   if (!disallowed)
                           continue;
                   /* remove key */
                   TAILQ_REMOVE(preferred, id, next);
                   sshkey_free(id->key);
                   free(id->filename);
                   memset(id, 0, sizeof(*id));
         }          }
         /* List the keys we plan on using */          /* List the keys we plan on using */
         TAILQ_FOREACH_SAFE(id, preferred, next, id2) {          TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
Line 1847 
Line 1861 
         Identity *id;          Identity *id;
         int sent = 0;          int sent = 0;
         char *ident;          char *ident;
           static int prepared;
   
           if (!prepared) {
                   pubkey_prepare(ssh, authctxt);
                   prepared = 1;
           }
   
         while ((id = TAILQ_FIRST(&authctxt->keys))) {          while ((id = TAILQ_FIRST(&authctxt->keys))) {
                 if (id->tried++)                  if (id->tried++)
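Review bot: The `static int prepared` guard added in the Line 1861 hunk makes key-list preparation a once-per-process event, while the Line 512 hunk now lets `kex_input_ext_info` run at any time during userauth, so the `server_sig_algs` filter in the Line 1792 hunk is applied against whatever value was present at the first pubkey attempt. Keys dropped there are freed and zeroed, so an EXT_INFO arriving after that first attempt (if the handler permits one; its body is not shown here) cannot bring them back, and a second auth context in the same process would skip preparation entirely. Consider tying the flag to the auth context instead of the function, e.g. `if (!authctxt->pubkey_prepared) { pubkey_prepare(ssh, authctxt); authctxt->pubkey_prepared = 1; }` with a new member of that name. If deferring the call is meant to let an in-auth EXT_INFO arrive first, a comment such as `/* deferred so server-sig-algs from EXT_INFO is known before filtering keys */` above the guard would record that. All three functions touched here begin and end outside the displayed lines.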
