diff options
-rw-r--r-- | auth2-hostbased.c | 101 |
1 files changed, 53 insertions, 48 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index eddf797fe..728548396 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.28 2017/05/30 14:10:53 markus Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.29 2017/05/30 14:25:42 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -39,7 +39,7 @@ #include "misc.h" #include "servconf.h" #include "compat.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "canohost.h" @@ -48,6 +48,7 @@ #endif #include "monitor_wrap.h" #include "pathnames.h" +#include "ssherr.h" #include "match.h" /* import */ @@ -58,52 +59,54 @@ extern u_int session_id2_len; static int userauth_hostbased(Authctxt *authctxt) { - Buffer b; + struct ssh *ssh = active_state; /* XXX */ + struct sshbuf *b; struct sshkey *key = NULL; char *pkalg, *cuser, *chost, *service; u_char *pkblob, *sig; - u_int alen, blen, slen; - int pktype; - int authenticated = 0; + size_t alen, blen, slen; + int r, pktype, authenticated = 0; if (!authctxt->valid) { - debug2("userauth_hostbased: disabled because of invalid user"); + debug2("%s: disabled because of invalid user", __func__); return 0; } - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); - chost = packet_get_string(NULL); - cuser = packet_get_string(NULL); - sig = packet_get_string(&slen); + /* XXX use sshkey_froms() */ + if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 || + (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || + (r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 || + (r = sshpkt_get_string(ssh, &sig, &slen)) != 0) + fatal("%s: packet parsing: %s", __func__, ssh_err(r)); - debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d", + debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__, cuser, chost, pkalg, slen); #ifdef DEBUG_PK debug("signature:"); - buffer_init(&b); - buffer_append(&b, sig, slen); - buffer_dump(&b); - buffer_free(&b); + sshbuf_dump_data(sig, siglen, stderr); #endif - pktype = key_type_from_name(pkalg); + pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ - logit("userauth_hostbased: unsupported " - "public key algorithm: %s", pkalg); + logit("%s: unsupported public key algorithm: %s", + __func__, pkalg); + goto done; + } + if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { + error("%s: key_from_blob: %s", __func__, ssh_err(r)); goto done; } - key = key_from_blob(pkblob, blen); if (key == NULL) { - error("userauth_hostbased: cannot decode key: %s", pkalg); + error("%s: cannot decode key: %s", __func__, pkalg); goto done; } if (key->type != pktype) { - error("userauth_hostbased: type mismatch for decoded key " - "(received %d, expected %d)", key->type, pktype); + error("%s: type mismatch for decoded key " + "(received %d, expected %d)", __func__, key->type, pktype); goto done; } - if (key_type_plain(key->type) == KEY_RSA && - (datafellows & SSH_BUG_RSASIGMD5) != 0) { + if (sshkey_type_plain(key->type) == KEY_RSA && + (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { error("Refusing RSA key because peer uses unsafe " "signature format"); goto done; @@ -115,21 +118,23 @@ userauth_hostbased(Authctxt *authctxt) goto done; } - service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : + service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service; - buffer_init(&b); - buffer_put_string(&b, session_id2, session_id2_len); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, service); - buffer_put_cstring(&b, "hostbased"); - buffer_put_string(&b, pkalg, alen); - buffer_put_string(&b, pkblob, blen); - buffer_put_cstring(&b, chost); - buffer_put_cstring(&b, cuser); + if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || + (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, "hostbased")) != 0 || + (r = sshbuf_put_string(b, pkalg, alen)) != 0 || + (r = sshbuf_put_string(b, pkblob, blen)) != 0 || + (r = sshbuf_put_cstring(b, chost)) != 0 || + (r = sshbuf_put_cstring(b, cuser)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef DEBUG_PK - buffer_dump(&b); + sshbuf_dump(b, stderr); #endif pubkey_auth_info(authctxt, key, @@ -138,15 +143,15 @@ userauth_hostbased(Authctxt *authctxt) /* test for allowed key and correct signature */ authenticated = 0; if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && - PRIVSEP(sshkey_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b), 0)) == 0) + PRIVSEP(sshkey_verify(key, sig, slen, + sshbuf_ptr(b), sshbuf_len(b), ssh->compat)) == 0) authenticated = 1; - buffer_free(&b); + sshbuf_free(b); done: - debug2("userauth_hostbased: authenticated %d", authenticated); + debug2("%s: authenticated %d", __func__, authenticated); if (key != NULL) - key_free(key); + sshkey_free(key); free(pkalg); free(pkblob); free(cuser); @@ -203,8 +208,8 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, } debug2("%s: access allowed by auth_rhosts2", __func__); - if (key_is_cert(key) && - key_cert_check_authority(key, 1, 0, lookup, &reason)) { + if (sshkey_is_cert(key) && + sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) { error("%s", reason); auth_debug_add("%s", reason); return 0; @@ -223,20 +228,20 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, } if (host_status == HOST_OK) { - if (key_is_cert(key)) { + if (sshkey_is_cert(key)) { if ((fp = sshkey_fingerprint(key->cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) fatal("%s: sshkey_fingerprint fail", __func__); verbose("Accepted certificate ID \"%s\" signed by " "%s CA %s from %s@%s", key->cert->key_id, - key_type(key->cert->signature_key), fp, + sshkey_type(key->cert->signature_key), fp, cuser, lookup); } else { if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) fatal("%s: sshkey_fingerprint fail", __func__); verbose("Accepted %s public key %s from %s@%s", - key_type(key), fp, cuser, lookup); + sshkey_type(key), fp, cuser, lookup); } free(fp); } |