summaryrefslogtreecommitdiff
path: root/auth2-pubkey.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-25 00:51:37 +0000
committerDamien Miller <djm@mindrot.org>2019-11-25 12:23:33 +1100
commitb7e74ea072919b31391bc0f5ff653f80b9f5e84f (patch)
treeadb2a736c1b9f6346d342600877818631f9dbb3d /auth2-pubkey.c
parentd2b0f88178ec9e3f11b606bf1004ac2fe541a2c3 (diff)
upstream: Add new structure for signature options
This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index df12c2c6..2b698670 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.94 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.95 2019/11/25 00:51:37 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -98,6 +98,7 @@ userauth_pubkey(struct ssh *ssh)
int r, pktype;
int authenticated = 0;
struct sshauthopt *authopts = NULL;
+ struct sshkey_sig_details *sig_details = NULL;
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
(r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
@@ -213,9 +214,14 @@ userauth_pubkey(struct ssh *ssh)
PRIVSEP(sshkey_verify(key, sig, slen,
sshbuf_ptr(b), sshbuf_len(b),
(ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
- ssh->compat)) == 0) {
+ ssh->compat, &sig_details)) == 0) {
authenticated = 1;
}
+ if (sig_details != NULL) {
+ debug("%s: sk_counter = %u, sk_flags = 0x%02x",
+ __func__, sig_details->sk_counter,
+ sig_details->sk_flags);
+ }
auth2_record_key(authctxt, authenticated, key);
} else {
debug("%s: test pkalg %s pkblob %s%s%s",
@@ -266,6 +272,7 @@ done:
free(key_s);
free(ca_s);
free(sig);
+ sshkey_sig_details_free(sig_details);
return authenticated;
}