From 179be0f5e62f1f492462571944e45a3da660d82b Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 1 May 2015 03:23:51 +0000 Subject: [PATCH] upstream commit prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods. Reported by halex@, ok markus@ --- auth.h | 2 +- auth2-pubkey.c | 6 +++--- monitor.c | 6 ++++-- monitor_wrap.c | 15 +++++++++------ monitor_wrap.h | 6 +++--- 5 files changed, 20 insertions(+), 15 deletions(-) diff --git a/auth.h b/auth.h index cc4086b36..8b27575b0 100644 --- a/auth.h +++ b/auth.h @@ -126,7 +126,7 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); -int user_key_allowed(struct passwd *, Key *); +int user_key_allowed(struct passwd *, Key *, int); void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) __attribute__((__format__ (printf, 3, 4))); void auth2_record_userkey(Authctxt *, struct sshkey *); diff --git a/auth2-pubkey.c b/auth2-pubkey.c index e103b70af..f96e843c2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -169,7 +169,7 @@ userauth_pubkey(Authctxt *authctxt) /* test for correct signature */ authenticated = 0; - if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && + if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) && PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b))) == 1) { authenticated = 1; @@ -191,7 +191,7 @@ userauth_pubkey(Authctxt *authctxt) * if a user is not allowed to login. is this an * issue? -markus */ - if (PRIVSEP(user_key_allowed(authctxt->pw, key))) { + if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) { packet_start(SSH2_MSG_USERAUTH_PK_OK); packet_put_string(pkalg, alen); packet_put_string(pkblob, blen); @@ -671,7 +671,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) * Check whether key authenticates and authorises the user. */ int -user_key_allowed(struct passwd *pw, Key *key) +user_key_allowed(struct passwd *pw, Key *key, int auth_attempt) { u_int success, i; char *file; diff --git a/monitor.c b/monitor.c index d0ee4f7a6..f520c978f 100644 --- a/monitor.c +++ b/monitor.c @@ -1185,7 +1185,7 @@ mm_answer_keyallowed(int sock, Buffer *m) Key *key; char *cuser, *chost; u_char *blob; - u_int bloblen; + u_int bloblen, pubkey_auth_attempt; enum mm_keytype type = 0; int allowed = 0; @@ -1195,6 +1195,7 @@ mm_answer_keyallowed(int sock, Buffer *m) cuser = buffer_get_string(m, NULL); chost = buffer_get_string(m, NULL); blob = buffer_get_string(m, &bloblen); + pubkey_auth_attempt = buffer_get_int(m); key = key_from_blob(blob, bloblen); @@ -1220,7 +1221,8 @@ mm_answer_keyallowed(int sock, Buffer *m) pubkey_auth_attempt); pubkey_auth_info(authctxt, key, NULL); auth_method = "publickey"; - if (options.pubkey_authentication && allowed != 1) + if (options.pubkey_authentication && + (!pubkey_auth_attempt || allowed != 1)) auth_clear_options(); break; case MM_HOSTKEY: diff --git a/monitor_wrap.c b/monitor_wrap.c index d39d491c2..e6217b3d4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.84 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -371,16 +371,17 @@ mm_auth_password(Authctxt *authctxt, char *password) } int -mm_user_key_allowed(struct passwd *pw, Key *key) +mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt) { - return (mm_key_allowed(MM_USERKEY, NULL, NULL, key)); + return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, + pubkey_auth_attempt)); } int mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host, Key *key) { - return (mm_key_allowed(MM_HOSTKEY, user, host, key)); + return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); } int @@ -390,13 +391,14 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user, int ret; key->type = KEY_RSA; /* XXX hack for key_to_blob */ - ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key); + ret = mm_key_allowed(MM_RSAHOSTKEY, user, host, key, 0); key->type = KEY_RSA1; return (ret); } int -mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) +mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key, + int pubkey_auth_attempt) { Buffer m; u_char *blob; @@ -414,6 +416,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) buffer_put_cstring(&m, user ? user : ""); buffer_put_cstring(&m, host ? host : ""); buffer_put_string(&m, blob, len); + buffer_put_int(&m, pubkey_auth_attempt); free(blob); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); diff --git a/monitor_wrap.h b/monitor_wrap.h index e18784ac4..de4a08f99 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.26 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.27 2015/05/01 03:23:51 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -45,8 +45,8 @@ void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct Authctxt *, char *); -int mm_key_allowed(enum mm_keytype, char *, char *, Key *); -int mm_user_key_allowed(struct passwd *, Key *); +int mm_key_allowed(enum mm_keytype, char *, char *, Key *, int); +int mm_user_key_allowed(struct passwd *, Key *, int); int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);