20001204

- (bal) More C functions defined in NeXT that are unaccessable without defining -POSIX. - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/03 11:29:04 [compat.c] remove fallback to SSH_BUG_HMAC now that the drafts are updated - markus@cvs.openbsd.org 2000/12/03 11:27:55 [compat.c] correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat - markus@cvs.openbsd.org 2000/12/03 11:15:03 [auth2.c compat.c compat.h sshconnect2.c] support f-secure/ssh.com 2.0.12; ok niels@
2000-12-03 17:00:47 +00:00 · 2000-12-03 17:00:47 +00:00 · d121f61370
parent b84815880e
commit d121f61370
6 changed files with 68 additions and 25 deletions
--- a/16
+++ b/16
@ -1,5 +1,19 @@
+20001204
+ - (bal) More C functions defined in NeXT that are unaccessable without
+   defining -POSIX.  
+ - (bal) OpenBSD CVS updates: 
+   - markus@cvs.openbsd.org 2000/12/03 11:29:04 
+     [compat.c]
+     remove fallback to SSH_BUG_HMAC now that the drafts are updated
+   - markus@cvs.openbsd.org 2000/12/03 11:27:55
+     [compat.c]
+     correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
+   - markus@cvs.openbsd.org 2000/12/03 11:15:03
+     [auth2.c compat.c compat.h sshconnect2.c]
+     support f-secure/ssh.com 2.0.12; ok niels@
+
 20001203
- (bal) OpenBSD CVS updates:
+ - (bal) OpenBSD CVS updates:
  - markus@cvs.openbsd.org 2000/11/30 22:54:31
    [channels.c]
    debug->warn if tried to do -R style fwd w/o client requesting this; 
--- a/auth2.c
+++ b/auth2.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $");

 #ifdef HAVE_OSF_SIA
 # include <sia.h>
@ -434,14 +434,27 @@ userauth_pubkey(Authctxt *authctxt)
 		return 0;
 	}
 	have_sig = packet_get_char();
-	pkalg = packet_get_string(&alen);
+	if (datafellows & SSH_BUG_PKAUTH) {
+		debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+		/* no explicit pkalg given */
+		pkblob = packet_get_string(&blen);
+		buffer_init(&b);
+		buffer_append(&b, pkblob, blen);
+		/* so we have to extract the pkalg from the pkblob */
+		pkalg = buffer_get_string(&b, &alen);
+		buffer_free(&b);
+	} else {
+		pkalg = packet_get_string(&alen);
+		pkblob = packet_get_string(&blen);
+	}
 	pktype = key_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
-		log("bad pkalg %s", pkalg);
+		/* this is perfectly legal */
+		log("userauth_pubkey: unsupported public key algorithm: %s", pkalg);
 		xfree(pkalg);
+		xfree(pkblob);
 		return 0;
 	}
-	pkblob = packet_get_string(&blen);
 	key = key_from_blob(pkblob, blen);
 	if (key != NULL) {
 		if (have_sig) {
@ -457,12 +470,16 @@ userauth_pubkey(Authctxt *authctxt)
 			buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 			buffer_put_cstring(&b, authctxt->user);
 			buffer_put_cstring(&b,
-			    datafellows & SSH_BUG_PUBKEYAUTH ?
+			    datafellows & SSH_BUG_PKSERVICE ?
 			    "ssh-userauth" :
 			    authctxt->service);
-			buffer_put_cstring(&b, "publickey");
-			buffer_put_char(&b, have_sig);
-			buffer_put_cstring(&b, key_ssh_name(key));
+			if (datafellows & SSH_BUG_PKAUTH) {
+				buffer_put_char(&b, have_sig);
+			} else {
+				buffer_put_cstring(&b, "publickey");
+				buffer_put_char(&b, have_sig);
+				buffer_put_cstring(&b, key_ssh_name(key));
+			}
 			buffer_put_string(&b, pkblob, blen);
 #ifdef DEBUG_PK
 			buffer_dump(&b);
--- a/compat.c
+++ b/compat.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.27 2000/10/31 09:31:58 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.30 2000/12/03 11:29:04 markus Exp $");

 #include "ssh.h"
 #include "packet.h"
@ -64,17 +64,19 @@ compat_datafellows(const char *version)
 	} check[] = {
 		{ "^OpenSSH[-_]2\\.[012]",	SSH_OLD_SESSIONID },
 		{ "MindTerm",		0 },
-		{ "^2\\.1\\.0 ",	SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+		{ "^2\\.1\\.0",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID },
-		{ "^2\\.0\\.",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+		{ "^2\\.0\\.1[3-9]",	SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|
-					SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD },
-		{ "^2\\.[23]\\.0 ",	SSH_BUG_HMAC},
+					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
+		{ "^2\\.0\\.",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+					SSH_OLD_SESSIONID|SSH_BUG_PKAUTH|
+					SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
+		{ "^2\\.[23]\\.0",	SSH_BUG_HMAC},
 		{ "^2\\.[2-9]\\.",	0 },
 		{ "^2\\.4$",		SSH_OLD_SESSIONID}, /* Van Dyke */
 		{ "^3\\.0 SecureCRT",	SSH_OLD_SESSIONID},
 		{ "^1\\.7 SecureFX",	SSH_OLD_SESSIONID},
-		{ "^2\\.",		SSH_BUG_HMAC},	/* XXX fallback */
 		{ NULL,			0 }
 	};
 	/* process table, return first match */
--- a/compat.h
+++ b/compat.h
@ -21,7 +21,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.12 2000/12/03 11:15:03 markus Exp $"); */

 #ifndef COMPAT_H
 #define COMPAT_H
@ -32,10 +32,11 @@
 #define	SSH_PROTO_2		0x04

 #define SSH_BUG_SIGBLOB		0x01
-#define SSH_BUG_PUBKEYAUTH	0x02
+#define SSH_BUG_PKSERVICE	0x02
 #define SSH_BUG_HMAC		0x04
 #define SSH_BUG_X11FWD		0x08
 #define SSH_OLD_SESSIONID	0x10
+#define SSH_BUG_PKAUTH		0x20

 void    enable_compat13(void);
 void    enable_compat20(void);
--- a/next-posix.h
+++ b/next-posix.h
@ -37,9 +37,11 @@
 pid_t posix_wait(int *status);
 #define wait(a) posix_wait(a)

-/* #ifdef POSIX wrapped functions that need defining */
+/* #ifdef wrapped functions that need defining for clean compiling */
 pid_t getppid(void);
 void vhangup(void);
+int innetgr(const char *netgroup, const char *host, const char *user, 
+            const char *domain);

 /* TERMCAP */
 int tcgetattr(int fd, struct termios *t);
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $");

 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@ -647,8 +647,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 	int ret = -1;
 	int have_sig = 1;

+	debug3("sign_and_send_pubkey");
 	if (key_to_blob(k, &blob, &bloblen) == 0) {
 		/* we cannot handle this key */
+		debug3("sign_and_send_pubkey: cannot handle key");
 		return 0;
 	}
 	/* data to be signed */
@ -663,12 +665,16 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
 	buffer_put_cstring(&b, authctxt->server_user);
 	buffer_put_cstring(&b,
-	    datafellows & SSH_BUG_PUBKEYAUTH ?
+	    datafellows & SSH_BUG_PKSERVICE ?
 	    "ssh-userauth" :
 	    authctxt->service);
-	buffer_put_cstring(&b, authctxt->method->name);
-	buffer_put_char(&b, have_sig);
-	buffer_put_cstring(&b, key_ssh_name(k)); 
+	if (datafellows & SSH_BUG_PKAUTH) {
+		buffer_put_char(&b, have_sig);
+	} else {
+		buffer_put_cstring(&b, authctxt->method->name);
+		buffer_put_char(&b, have_sig);
+		buffer_put_cstring(&b, key_ssh_name(k)); 
+	}
 	buffer_put_string(&b, blob, bloblen);

 	/* generate signature */
@ -681,7 +687,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 #ifdef DEBUG_PK
 	buffer_dump(&b);
 #endif
-	if (datafellows & SSH_BUG_PUBKEYAUTH) {
+	if (datafellows & SSH_BUG_PKSERVICE) {
 		buffer_clear(&b);
 		buffer_append(&b, session_id2, session_id2_len);
 		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@ -689,7 +695,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 		buffer_put_cstring(&b, authctxt->service);
 		buffer_put_cstring(&b, authctxt->method->name);
 		buffer_put_char(&b, have_sig);
-		buffer_put_cstring(&b, key_ssh_name(k)); 
+		if (!(datafellows & SSH_BUG_PKAUTH))
+			buffer_put_cstring(&b, key_ssh_name(k)); 
 		buffer_put_string(&b, blob, bloblen);
 	}
 	xfree(blob);