- djm@cvs.openbsd.org 2013/03/07 00:19:59

[auth2-pubkey.c monitor.c]
     reconstruct the original username that was sent by the client, which may
     have included a style (e.g. "root:skey") when checking public key
     signatures. Fixes public key and hostbased auth when the client specified
     a style; ok markus@
Damien Miller 2013-04-23 15:17:52 +10:00
parent 5cbec4c259
commit 4ce189d910
3 changed files with 32 additions and 14 deletions


@ -13,6 +13,12 @@
- djm@cvs.openbsd.org 2013/03/06 23:36:53 - djm@cvs.openbsd.org 2013/03/06 23:36:53
[readconf.c] [readconf.c]
g/c unused variable (-Wunused) g/c unused variable (-Wunused)
- djm@cvs.openbsd.org 2013/03/07 00:19:59
[auth2-pubkey.c monitor.c]
reconstruct the original username that was sent by the client, which may
have included a style (e.g. "root:skey") when checking public key
signatures. Fixes public key and hostbased auth when the client specified
a style; ok markus@
20130418 20130418
- (djm) [config.guess config.sub] Update to last versions before they switch - (djm) [config.guess config.sub] Update to last versions before they switch


@ -1,4 +1,4 @@
/* $OpenBSD: auth2-pubkey.c,v 1.34 2013/02/14 21:35:59 djm Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.35 2013/03/07 00:19:59 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -75,7 +75,7 @@ userauth_pubkey(Authctxt *authctxt)
{ {
Buffer b; Buffer b;
Key *key = NULL; Key *key = NULL;
char *pkalg; char *pkalg, *userstyle;
u_char *pkblob, *sig; u_char *pkblob, *sig;
u_int alen, blen, slen; u_int alen, blen, slen;
int have_sig, pktype; int have_sig, pktype;
@ -127,7 +127,11 @@ userauth_pubkey(Authctxt *authctxt)
} }
/* reconstruct packet */ /* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user); xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
buffer_put_cstring(&b, userstyle);
free(userstyle);
buffer_put_cstring(&b, buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ? datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" : "ssh-userauth" :
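Review bot: The user[:style] reconstruction introduced where `buffer_put_cstring(&b, authctxt->user);` used to be is the same three-line `xasprintf(&userstyle, "%s%s%s", ...)` that monitor_valid_userblob and monitor_valid_hostbasedblob in monitor.c now also carry; a small shared helper returning the allocated string would keep the name the client signed in exactly one place, so the unprivileged child and the monitor cannot drift apart. A why-comment next to the call would also help a reader who only sees this file, e.g. `/* the client signed "user[:style]"; restore the style or the signature will not verify */`, since the existing `/* reconstruct packet */` does not say why the bare user name is no longer enough. userauth_pubkey starts and ends outside this hunk.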


@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ /* $OpenBSD: monitor.c,v 1.121 2013/03/07 00:19:59 djm Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -1237,7 +1237,7 @@ static int
monitor_valid_userblob(u_char *data, u_int datalen) monitor_valid_userblob(u_char *data, u_int datalen)
{ {
Buffer b; Buffer b;
char *p; char *p, *userstyle;
u_int len; u_int len;
int fail = 0; int fail = 0;
@ -1262,19 +1262,23 @@ monitor_valid_userblob(u_char *data, u_int datalen)
} }
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++; fail++;
p = buffer_get_string(&b, NULL); p = buffer_get_cstring(&b, NULL);
if (strcmp(authctxt->user, p) != 0) { xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
if (strcmp(userstyle, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s", logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p); userstyle, p);
fail++; fail++;
} }
xfree(userstyle);
xfree(p); xfree(p);
buffer_skip_string(&b); buffer_skip_string(&b);
if (datafellows & SSH_BUG_PKAUTH) { if (datafellows & SSH_BUG_PKAUTH) {
if (!buffer_get_char(&b)) if (!buffer_get_char(&b))
fail++; fail++;
} else { } else {
p = buffer_get_string(&b, NULL); p = buffer_get_cstring(&b, NULL);
if (strcmp("publickey", p) != 0) if (strcmp("publickey", p) != 0)
fail++; fail++;
xfree(p); xfree(p);
@ -1294,7 +1298,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
char *chost) char *chost)
{ {
Buffer b; Buffer b;
char *p; char *p, *userstyle;
u_int len; u_int len;
int fail = 0; int fail = 0;
@ -1310,15 +1314,19 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++; fail++;
p = buffer_get_string(&b, NULL); p = buffer_get_cstring(&b, NULL);
if (strcmp(authctxt->user, p) != 0) { xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
if (strcmp(userstyle, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s", logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p); userstyle, p);
fail++; fail++;
} }
free(userstyle);
xfree(p); xfree(p);
buffer_skip_string(&b); /* service */ buffer_skip_string(&b); /* service */
p = buffer_get_string(&b, NULL); p = buffer_get_cstring(&b, NULL);
if (strcmp(p, "hostbased") != 0) if (strcmp(p, "hostbased") != 0)
fail++; fail++;
xfree(p); xfree(p);
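Review bot: The two validation hunks release the reconstructed name inconsistently: monitor_valid_userblob uses `xfree(userstyle);` after its comparison while monitor_valid_hostbasedblob uses `free(userstyle);`, although every neighbouring release in both functions is `xfree(p);`. Both calls work on an xasprintf result, but one function-level convention should be kept; `xfree(userstyle);` matches the surrounding code in this file (the auth2-pubkey.c hunk uses `free(userstyle);` as well). The comparison also relies on the monitor's own authctxt->user and authctxt->style matching what the unprivileged child parsed from the client; presumably the existing monitor setup propagates the style, but that is not visible here and is worth confirming, because a mismatch would make the monitor reject every styled login with the "wrong user name passed to monitor" message. Both functions' bodies continue outside these hunks.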