tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/06/04 19:53:40 

[monitor.c]
     save the session id (hash) for ssh2 (it will be passed with the
     initial sign request) and verify that this value is used during
     authentication; ok provos@
This commit is contained in:
Ben Lindstrom 2002-06-06 20:58:19 +00:00
parent dcf6bfbfbd
commit f67e07711f
2 changed files with 37 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -87,6 +87,11 @@
- markus@cvs.openbsd.org 2002/06/04 19:42:35 - markus@cvs.openbsd.org 2002/06/04 19:42:35
[monitor.c] [monitor.c]
only allow enabled authentication methods; ok provos@ only allow enabled authentication methods; ok provos@
- markus@cvs.openbsd.org 2002/06/04 19:53:40
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
20020604 20020604
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
@ -771,4 +776,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2167 2002/06/06 20:57:17 mouring Exp $ $Id: ChangeLog,v 1.2168 2002/06/06 20:58:19 mouring Exp $

38
monitor.c
View File

@ -25,7 +25,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $"); RCSID("$OpenBSD: monitor.c,v 1.13 2002/06/04 19:53:40 markus Exp $");
#include <openssl/dh.h> #include <openssl/dh.h>
@ -128,6 +128,8 @@ static int key_blobtype = MM_NOKEY;
static u_char *hostbased_cuser = NULL; static u_char *hostbased_cuser = NULL;
static u_char *hostbased_chost = NULL; static u_char *hostbased_chost = NULL;
static char *auth_method = "unknown"; static char *auth_method = "unknown";
static int session_id2_len = 0;
static u_char *session_id2 = NULL;
struct mon_table { struct mon_table {
enum monitor_reqtype type; enum monitor_reqtype type;
@ -454,6 +456,13 @@ mm_answer_sign(int socket, Buffer *m)
if (datlen != 20) if (datlen != 20)
fatal("%s: data length incorrect: %d", __FUNCTION__, datlen); fatal("%s: data length incorrect: %d", __FUNCTION__, datlen);
/* save session id, it will be passed on the first call */
if (session_id2_len == 0) {
session_id2_len = datlen;
session_id2 = xmalloc(session_id2_len);
memcpy(session_id2, p, session_id2_len);
}
if ((key = get_hostkey_by_index(keyid)) == NULL) if ((key = get_hostkey_by_index(keyid)) == NULL)
fatal("%s: no hostkey from index %d", __FUNCTION__, keyid); fatal("%s: no hostkey from index %d", __FUNCTION__, keyid);
if (key_sign(key, &signature, &siglen, p, datlen) < 0) if (key_sign(key, &signature, &siglen, p, datlen) < 0)
@ -819,17 +828,25 @@ monitor_valid_userblob(u_char *data, u_int datalen)
u_char *p; u_char *p;
u_int len; u_int len;
int fail = 0; int fail = 0;
int session_id2_len = 20 /*XXX should get from [net] */;
buffer_init(&b); buffer_init(&b);
buffer_append(&b, data, datalen); buffer_append(&b, data, datalen);
if (datafellows & SSH_OLD_SESSIONID) { if (datafellows & SSH_OLD_SESSIONID) {
p = buffer_ptr(&b);
len = buffer_len(&b);
if ((session_id2 == NULL) ||
(len < session_id2_len) ||
(memcmp(p, session_id2, session_id2_len) != 0))
fail++;
buffer_consume(&b, session_id2_len); buffer_consume(&b, session_id2_len);
} else { } else {
xfree(buffer_get_string(&b, &len)); p = buffer_get_string(&b, &len);
if (len != session_id2_len) if ((session_id2 == NULL) ||
(len != session_id2_len) ||
(memcmp(p, session_id2, session_id2_len) != 0))
fail++; fail++;
xfree(p);
} }
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++; fail++;
@ -868,14 +885,17 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser,
u_char *p; u_char *p;
u_int len; u_int len;
int fail = 0; int fail = 0;
int session_id2_len = 20 /*XXX should get from [net] */;
buffer_init(&b); buffer_init(&b);
buffer_append(&b, data, datalen); buffer_append(&b, data, datalen);
xfree(buffer_get_string(&b, &len)); p = buffer_get_string(&b, &len);
if (len != session_id2_len) if ((session_id2 == NULL) ||
(len != session_id2_len) ||
(memcmp(p, session_id2, session_id2_len) != 0))
fail++; fail++;
xfree(p);
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++; fail++;
p = buffer_get_string(&b, NULL); p = buffer_get_string(&b, NULL);
@ -1334,6 +1354,10 @@ mm_get_kex(Buffer *m)
kex = xmalloc(sizeof(*kex)); kex = xmalloc(sizeof(*kex));
memset(kex, 0, sizeof(*kex)); memset(kex, 0, sizeof(*kex));
kex->session_id = buffer_get_string(m, &kex->session_id_len); kex->session_id = buffer_get_string(m, &kex->session_id_len);
if ((session_id2 == NULL) ||
(kex->session_id_len != session_id2_len) ||
(memcmp(kex->session_id, session_id2, session_id2_len) != 0))
fatal("mm_get_get: internal error: bad session id");
kex->we_need = buffer_get_int(m); kex->we_need = buffer_get_int(m);
kex->server = 1; kex->server = 1;
kex->hostkey_type = buffer_get_int(m); kex->hostkey_type = buffer_get_int(m);