
Displaying 7 results from an estimated 7 matches for "have_sig".

2012 Aug 29
1
second FIPS patch for openssh 6.0p1, fix pubkey
...; --- 604,611 ---- key->type, pktype); goto done; } ! fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, ! SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); *************** *** 1204,1210 **** int have_sig = 1; char *fp; ! fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); xfree(fp); --- 1218,1225 ---- int have_sig = 1; char *fp; ! fp = key_fingerprint(id->key, FIPS_mode() ? SSH_FP_SHA1 : SS...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...tkey(authctxt, id); + } else + sent = sign_and_send_pubkey(authctxt, id); break; } } @@ -851,6 +863,93 @@ } static int +sign_and_send_certkey(Authctxt *authctxt, Identity *id) +{ + Buffer b; + u_char *blob, *signature; + u_int bloblen, slen; + u_int skip = 0; + int ret = -1; + int have_sig = 1; + + debug3("sign_and_send_certkey"); + + if (key_to_blob(id->key, &blob, &bloblen) == 0) { + /* we cannot handle this key */ + debug3("sign_and_send_certkey: cannot handle key"); + return 0; + } + /* data to be signed */ + buffer_init(&b); + if (datafellow...
2004 Jan 15
0
two minor memory leaks
...el structure is now pointing at freed memory. The channel never appears to use the ctype at all (at least on the server side), so it's probably not a problem, but it probably should be fixed for the future. In auth2-pubkey.c, in the function userauth_pubkey(), around line 98 (inside the have_sig condition), buffer_init is called on the b variable - this mallocs a buffer of 4096 bytes. Later, around line 128, buffer_clear is called. This resets the internal buffer pointers, but does not free the malloc'd memory. I believe this should be buffer_free, as the variable is not use...
2003 Oct 08
4
OS/390 openssh
...ob */ @@ -73,7 +73,7 @@ buffer_free(&b); } else { pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); + pkblob = packet_get_binary(&blen); } pktype = key_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { @@ -93,13 +93,13 @@ goto done; } if (have_sig) { - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); packet_check_eom(); buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); } else { - buffer_put_string(&b, session_id2, session_id2_l...
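Review bot: In the first hunk `pkblob` is now read with `packet_get_binary` while `pkalg` on the line above still uses `packet_get_string`, and nothing at the call site says why the two fields are treated differently; the same applies to `sig` in the hunk that follows. Given the OS/390 subject, this is presumably to keep opaque key and signature bytes out of a character-set conversion, but that is an inference, since `packet_get_binary` is not defined in the visible lines. I would add a comment above the call such as `/* key blob is opaque binary: must not go through charset conversion */`. I would also confirm that the new getter applies the same length validation as `packet_get_string`, because both values appear to be read from the peer's packet before authentication completes. The enclosing function starts and ends outside the hunk.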
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...bug2("userauth_pubkey: disabled because of invalid user"); return 0; } + + /* check to see if the user is allowed to use pubkey authentication */ + if (!pubkey_allowed_user(authctxt->pw)) { + debug2("userauth_pubkey: user not allowed pubkey auth"); + return 0; + } + have_sig = packet_get_char(); if (datafellows & SSH_BUG_PKAUTH) { debug2("userauth_pubkey: SSH_BUG_PKAUTH"); @@ -796,3 +805,24 @@ return (host_status == HOST_OK); } + + +/* + * Check if the user is allowed to log in with public key authentication. + */ +static int pubkey_allowed_user...
2015 Jul 29
2
[PATCH] ssh: Add option to present certificates on command line
...ions to be ignored if they are encountered in configuration parsing. diff --git a/sshconnect2.c b/sshconnect2.c index 34dbf9a..fb24b5e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1016,6 +1016,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) u_int skip = 0; int ret = -1; int have_sig = 1; + int i; char *fp; if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, @@ -1053,6 +1054,33 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } buffer_put_string(&b, blob, bloblen); + /* If the key is an input certificate, sign its private key instead. +...
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
...set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); - - do_authenticated(authctxt); + do_authenticated(authctxt, realname); } static void @@ -403,6 +428,13 @@ u_int alen, blen, slen; int have_sig, pktype; int authenticated = 0; + + char realname[40] = "UNKNOWN" ; + char tempreal[40] = "UNKNOWN" ; + + debug("**************************"); + debug("VIX userauth_pubkey called"); + debug("*************************...