shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 18:50:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

auth: Fix ecdsa pubkey auth

Browse Source 
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Andreas Schneider
2018-09-17 14:45:46 +02:00
parent 30df04a8a5
commit e5170107c9
1 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/auth.c
View File

@@ -495,7 +495,24 @@ int ssh_userauth_try_publickey(ssh_session session,
return SSH_ERROR; return SSH_ERROR;
} }
switch (pubkey->type) {
case SSH_KEYTYPE_UNKNOWN:
ssh_set_error(session,
SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type); sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
break;
}
/* Check if the given public key algorithm is allowed */ /* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) { if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
@@ -587,7 +604,7 @@ int ssh_userauth_publickey(ssh_session session,
{ {
ssh_string str = NULL; ssh_string str = NULL;
int rc; int rc;
const char *sig_type_c; const char *sig_type_c = NULL;
enum ssh_keytypes_e key_type; enum ssh_keytypes_e key_type;
if (session == NULL) { if (session == NULL) {
@@ -613,7 +630,25 @@ int ssh_userauth_publickey(ssh_session session,
/* Cert auth requires presenting the cert type name (*-cert@openssh.com) */ /* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type; key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
switch (key_type) {
case SSH_KEYTYPE_UNKNOWN:
ssh_set_error(session,
SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(privkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, key_type); sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
break;
}
/* Check if the given public key algorithm is allowed */ /* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) { if (!ssh_key_algorithm_allowed(session, sig_type_c)) {