summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2000-12-03 17:00:47 +0000
committerBen Lindstrom <mouring@eviladmin.org>2000-12-03 17:00:47 +0000
commitd121f613708c3c9c82465b0788550943a918d5c8 (patch)
tree2e1f2364b459a1a7003d4907f4abae63d069634f
parentb84815880e453346667d6d2b3f02904674848a7a (diff)
20001204
- (bal) More C functions defined in NeXT that are unaccessable without defining -POSIX. - (bal) OpenBSD CVS updates: - markus@cvs.openbsd.org 2000/12/03 11:29:04 [compat.c] remove fallback to SSH_BUG_HMAC now that the drafts are updated - markus@cvs.openbsd.org 2000/12/03 11:27:55 [compat.c] correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat - markus@cvs.openbsd.org 2000/12/03 11:15:03 [auth2.c compat.c compat.h sshconnect2.c] support f-secure/ssh.com 2.0.12; ok niels@
-rw-r--r--ChangeLog16
-rw-r--r--auth2.c33
-rw-r--r--compat.c14
-rw-r--r--compat.h5
-rw-r--r--next-posix.h4
-rw-r--r--sshconnect2.c21
6 files changed, 68 insertions, 25 deletions
diff --git a/ChangeLog b/ChangeLog
index f598574c..f5d13bc5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
+20001204
+ - (bal) More C functions defined in NeXT that are unaccessable without
+ defining -POSIX.
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/03 11:29:04
+ [compat.c]
+ remove fallback to SSH_BUG_HMAC now that the drafts are updated
+ - markus@cvs.openbsd.org 2000/12/03 11:27:55
+ [compat.c]
+ correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
+ - markus@cvs.openbsd.org 2000/12/03 11:15:03
+ [auth2.c compat.c compat.h sshconnect2.c]
+ support f-secure/ssh.com 2.0.12; ok niels@
+
20001203
-- (bal) OpenBSD CVS updates:
+ - (bal) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/11/30 22:54:31
[channels.c]
debug->warn if tried to do -R style fwd w/o client requesting this;
diff --git a/auth2.c b/auth2.c
index 8e8edf92..030e28da 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.22 2000/12/03 11:15:02 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
@@ -434,14 +434,27 @@ userauth_pubkey(Authctxt *authctxt)
return 0;
}
have_sig = packet_get_char();
- pkalg = packet_get_string(&alen);
+ if (datafellows & SSH_BUG_PKAUTH) {
+ debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+ /* no explicit pkalg given */
+ pkblob = packet_get_string(&blen);
+ buffer_init(&b);
+ buffer_append(&b, pkblob, blen);
+ /* so we have to extract the pkalg from the pkblob */
+ pkalg = buffer_get_string(&b, &alen);
+ buffer_free(&b);
+ } else {
+ pkalg = packet_get_string(&alen);
+ pkblob = packet_get_string(&blen);
+ }
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
- log("bad pkalg %s", pkalg);
+ /* this is perfectly legal */
+ log("userauth_pubkey: unsupported public key algorithm: %s", pkalg);
xfree(pkalg);
+ xfree(pkblob);
return 0;
}
- pkblob = packet_get_string(&blen);
key = key_from_blob(pkblob, blen);
if (key != NULL) {
if (have_sig) {
@@ -457,12 +470,16 @@ userauth_pubkey(Authctxt *authctxt)
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b,
- datafellows & SSH_BUG_PUBKEYAUTH ?
+ datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
- buffer_put_cstring(&b, "publickey");
- buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, key_ssh_name(key));
+ if (datafellows & SSH_BUG_PKAUTH) {
+ buffer_put_char(&b, have_sig);
+ } else {
+ buffer_put_cstring(&b, "publickey");
+ buffer_put_char(&b, have_sig);
+ buffer_put_cstring(&b, key_ssh_name(key));
+ }
buffer_put_string(&b, pkblob, blen);
#ifdef DEBUG_PK
buffer_dump(&b);
diff --git a/compat.c b/compat.c
index 362c3cb8..b4e99a92 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.27 2000/10/31 09:31:58 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.30 2000/12/03 11:29:04 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -64,17 +64,19 @@ compat_datafellows(const char *version)
} check[] = {
{ "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID },
{ "MindTerm", 0 },
- { "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID },
- { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ { "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|
- SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD },
- { "^2\\.[23]\\.0 ", SSH_BUG_HMAC},
+ SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
+ { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ SSH_OLD_SESSIONID|SSH_BUG_PKAUTH|
+ SSH_BUG_PKSERVICE|SSH_BUG_X11FWD },
+ { "^2\\.[23]\\.0", SSH_BUG_HMAC},
{ "^2\\.[2-9]\\.", 0 },
{ "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */
{ "^3\\.0 SecureCRT", SSH_OLD_SESSIONID},
{ "^1\\.7 SecureFX", SSH_OLD_SESSIONID},
- { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */
{ NULL, 0 }
};
/* process table, return first match */
diff --git a/compat.h b/compat.h
index f14efafa..86e47150 100644
--- a/compat.h
+++ b/compat.h
@@ -21,7 +21,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: compat.h,v 1.11 2000/10/14 12:16:56 markus Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.12 2000/12/03 11:15:03 markus Exp $"); */
#ifndef COMPAT_H
#define COMPAT_H
@@ -32,10 +32,11 @@
#define SSH_PROTO_2 0x04
#define SSH_BUG_SIGBLOB 0x01
-#define SSH_BUG_PUBKEYAUTH 0x02
+#define SSH_BUG_PKSERVICE 0x02
#define SSH_BUG_HMAC 0x04
#define SSH_BUG_X11FWD 0x08
#define SSH_OLD_SESSIONID 0x10
+#define SSH_BUG_PKAUTH 0x20
void enable_compat13(void);
void enable_compat20(void);
diff --git a/next-posix.h b/next-posix.h
index 46687754..92002060 100644
--- a/next-posix.h
+++ b/next-posix.h
@@ -37,9 +37,11 @@
pid_t posix_wait(int *status);
#define wait(a) posix_wait(a)
-/* #ifdef POSIX wrapped functions that need defining */
+/* #ifdef wrapped functions that need defining for clean compiling */
pid_t getppid(void);
void vhangup(void);
+int innetgr(const char *netgroup, const char *host, const char *user,
+ const char *domain);
/* TERMCAP */
int tcgetattr(int fd, struct termios *t);
diff --git a/sshconnect2.c b/sshconnect2.c
index 69d9c49e..036519fa 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.29 2000/11/23 21:03:47 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -647,8 +647,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
int ret = -1;
int have_sig = 1;
+ debug3("sign_and_send_pubkey");
if (key_to_blob(k, &blob, &bloblen) == 0) {
/* we cannot handle this key */
+ debug3("sign_and_send_pubkey: cannot handle key");
return 0;
}
/* data to be signed */
@@ -663,12 +665,16 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->server_user);
buffer_put_cstring(&b,
- datafellows & SSH_BUG_PUBKEYAUTH ?
+ datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
authctxt->service);
- buffer_put_cstring(&b, authctxt->method->name);
- buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, key_ssh_name(k));
+ if (datafellows & SSH_BUG_PKAUTH) {
+ buffer_put_char(&b, have_sig);
+ } else {
+ buffer_put_cstring(&b, authctxt->method->name);
+ buffer_put_char(&b, have_sig);
+ buffer_put_cstring(&b, key_ssh_name(k));
+ }
buffer_put_string(&b, blob, bloblen);
/* generate signature */
@@ -681,7 +687,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
- if (datafellows & SSH_BUG_PUBKEYAUTH) {
+ if (datafellows & SSH_BUG_PKSERVICE) {
buffer_clear(&b);
buffer_append(&b, session_id2, session_id2_len);
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@@ -689,7 +695,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
buffer_put_cstring(&b, authctxt->service);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, key_ssh_name(k));
+ if (!(datafellows & SSH_BUG_PKAUTH))
+ buffer_put_cstring(&b, key_ssh_name(k));
buffer_put_string(&b, blob, bloblen);
}
xfree(blob);