diff options
| -rw-r--r-- | ChangeLog | 16 | ||||
| -rw-r--r-- | auth2.c | 33 | ||||
| -rw-r--r-- | compat.c | 14 | ||||
| -rw-r--r-- | compat.h | 5 | ||||
| -rw-r--r-- | next-posix.h | 4 | ||||
| -rw-r--r-- | sshconnect2.c | 21 |
6 files changed, 68 insertions, 25 deletions
@@ -1,5 +1,19 @@ +20001204 + - (bal) More C functions defined in NeXT that are unaccessable without + defining -POSIX. + - (bal) OpenBSD CVS updates: + - markus@cvs.openbsd.org 2000/12/03 11:29:04 + [compat.c] + remove fallback to SSH_BUG_HMAC now that the drafts are updated + - markus@cvs.openbsd.org 2000/12/03 11:27:55 + [compat.c] + correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat + - markus@cvs.openbsd.org 2000/12/03 11:15:03 + [auth2.c compat.c compat.h sshconnect2.c] + support f-secure/ssh.com 2.0.12; ok niels@ + 20001203 -- (bal) OpenBSD CVS updates: + - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/11/30 22:54:31 [channels.c] debug->warn if tried to do -R style fwd w/o client requesting this; @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $"); #ifdef HAVE_OSF_SIA # include <sia.h> @@ -434,14 +434,27 @@ userauth_pubkey(Authctxt *authctxt) return 0; } have_sig = packet_get_char(); - pkalg = packet_get_string(&alen); + if (datafellows & SSH_BUG_PKAUTH) { + debug2("userauth_pubkey: SSH_BUG_PKAUTH"); + /* no explicit pkalg given */ + pkblob = packet_get_string(&blen); + buffer_init(&b); + buffer_append(&b, pkblob, blen); + /* so we have to extract the pkalg from the pkblob */ + pkalg = buffer_get_string(&b, &alen); + buffer_free(&b); + } else { + pkalg = packet_get_string(&alen); + pkblob = packet_get_string(&blen); + } pktype = key_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { - log("bad pkalg %s", pkalg); + /* this is perfectly legal */ + log("userauth_pubkey: unsupported public key algorithm: %s", pkalg); xfree(pkalg); + xfree(pkblob); return 0; } - pkblob = packet_get_string(&blen); key = key_from_blob(pkblob, blen); if (key != NULL) { if (have_sig) { @@ -457,12 +470,16 @@ userauth_pubkey(Authctxt *authctxt) buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, authctxt->user); buffer_put_cstring(&b, - datafellows & SSH_BUG_PUBKEYAUTH ? + datafellows & SSH_BUG_PKSERVICE ? "ssh-userauth" : authctxt->service); - buffer_put_cstring(&b, "publickey"); - buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_ssh_name(key)); + if (datafellows & SSH_BUG_PKAUTH) { + buffer_put_char(&b, have_sig); + } else { + buffer_put_cstring(&b, "publickey"); + buffer_put_char(&b, have_sig); + buffer_put_cstring(&b, key_ssh_name(key)); + } buffer_put_string(&b, pkblob, blen); #ifdef DEBUG_PK buffer_dump(&b); @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.27 2000/10/31 09:31:58 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.30 2000/12/03 11:29:04 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -64,17 +64,19 @@ compat_datafellows(const char *version) } check[] = { { "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID }, { "MindTerm", 0 }, - { "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID }, - { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID| - SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, - { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, + SSH_BUG_PKSERVICE|SSH_BUG_X11FWD }, + { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID|SSH_BUG_PKAUTH| + SSH_BUG_PKSERVICE|SSH_BUG_X11FWD }, + { "^2\\.[23]\\.0", SSH_BUG_HMAC}, { "^2\\.[2-9]\\.", 0 }, { "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */ { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID}, { "^1\\.7 SecureFX", SSH_OLD_SESSIONID}, - { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ { NULL, 0 } }; /* process table, return first match */ @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.12 2000/12/03 11:15:03 markus Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -32,10 +32,11 @@ #define SSH_PROTO_2 0x04 #define SSH_BUG_SIGBLOB 0x01 -#define SSH_BUG_PUBKEYAUTH 0x02 +#define SSH_BUG_PKSERVICE 0x02 #define SSH_BUG_HMAC 0x04 #define SSH_BUG_X11FWD 0x08 #define SSH_OLD_SESSIONID 0x10 +#define SSH_BUG_PKAUTH 0x20 void enable_compat13(void); void enable_compat20(void); diff --git a/next-posix.h b/next-posix.h index 46687754..92002060 100644 --- a/next-posix.h +++ b/next-posix.h @@ -37,9 +37,11 @@ pid_t posix_wait(int *status); #define wait(a) posix_wait(a) -/* #ifdef POSIX wrapped functions that need defining */ +/* #ifdef wrapped functions that need defining for clean compiling */ pid_t getppid(void); void vhangup(void); +int innetgr(const char *netgroup, const char *host, const char *user, + const char *domain); /* TERMCAP */ int tcgetattr(int fd, struct termios *t); diff --git a/sshconnect2.c b/sshconnect2.c index 69d9c49e..036519fa 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $"); #include <openssl/bn.h> #include <openssl/rsa.h> @@ -647,8 +647,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) int ret = -1; int have_sig = 1; + debug3("sign_and_send_pubkey"); if (key_to_blob(k, &blob, &bloblen) == 0) { /* we cannot handle this key */ + debug3("sign_and_send_pubkey: cannot handle key"); return 0; } /* data to be signed */ @@ -663,12 +665,16 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, authctxt->server_user); buffer_put_cstring(&b, - datafellows & SSH_BUG_PUBKEYAUTH ? + datafellows & SSH_BUG_PKSERVICE ? "ssh-userauth" : authctxt->service); - buffer_put_cstring(&b, authctxt->method->name); - buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_ssh_name(k)); + if (datafellows & SSH_BUG_PKAUTH) { + buffer_put_char(&b, have_sig); + } else { + buffer_put_cstring(&b, authctxt->method->name); + buffer_put_char(&b, have_sig); + buffer_put_cstring(&b, key_ssh_name(k)); + } buffer_put_string(&b, blob, bloblen); /* generate signature */ @@ -681,7 +687,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) #ifdef DEBUG_PK buffer_dump(&b); #endif - if (datafellows & SSH_BUG_PUBKEYAUTH) { + if (datafellows & SSH_BUG_PKSERVICE) { buffer_clear(&b); buffer_append(&b, session_id2, session_id2_len); buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); @@ -689,7 +695,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) buffer_put_cstring(&b, authctxt->service); buffer_put_cstring(&b, authctxt->method->name); buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_ssh_name(k)); + if (!(datafellows & SSH_BUG_PKAUTH)) + buffer_put_cstring(&b, key_ssh_name(k)); buffer_put_string(&b, blob, bloblen); } xfree(blob); |