rpms / openssh

Clone
Source Code
GIT

Blame openssh-5.8p1-audit2a.patch

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   edc172301135789f8c0e34de88d5ce18f7e650bf
  2.   openssh-5.8p1-audit2a.patch
Blob History Raw
Jan F edc172 
diff -up openssh-5.8p1/auth2-hostbased.c.audit2a openssh-5.8p1/auth2-hostbased.c
Jan F edc172 
--- openssh-5.8p1/auth2-hostbased.c.audit2a	2011-03-02 08:26:16.000000000 +0100
Jan F edc172 
+++ openssh-5.8p1/auth2-hostbased.c	2011-03-02 08:26:17.000000000 +0100
Jan F edc172 
@@ -119,7 +119,7 @@ userauth_hostbased(Authctxt *authctxt)
Jan F edc172 
 	/* test for allowed key and correct signature */
Jan F edc172 
 	authenticated = 0;
Jan F edc172 
 	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
Jan F edc172 
-	    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
Jan F edc172 
+	    PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b),
Jan F edc172 
 			buffer_len(&b))) == 1)
Jan F edc172 
 		authenticated = 1;
Jan F edc172
Jan F edc172 
@@ -137,7 +137,7 @@ done:
Jan F edc172 
 }
Jan F edc172
Jan F edc172 
 int
Jan F edc172 
-hostkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
Jan F edc172 
+hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
Jan F edc172 
 {
Jan F edc172 
 	int rv;
Jan F edc172
Jan F edc172 
diff -up openssh-5.8p1/auth2-pubkey.c.audit2a openssh-5.8p1/auth2-pubkey.c
Jan F edc172 
--- openssh-5.8p1/auth2-pubkey.c.audit2a	2011-03-02 08:26:16.000000000 +0100
Jan F edc172 
+++ openssh-5.8p1/auth2-pubkey.c	2011-03-02 08:26:17.000000000 +0100
Jan F edc172 
@@ -140,7 +140,7 @@ userauth_pubkey(Authctxt *authctxt)
Jan F edc172 
 		/* test for correct signature */
Jan F edc172 
 		authenticated = 0;
Jan F edc172 
 		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
Jan F edc172 
-		    PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
Jan F edc172 
+		    PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b),
Jan F edc172 
 		    buffer_len(&b))) == 1)
Jan F edc172 
 			authenticated = 1;
Jan F edc172 
 		buffer_free(&b);
Jan F edc172 
@@ -178,7 +178,7 @@ done:
Jan F edc172 
 }
Jan F edc172
Jan F edc172 
 int
Jan F edc172 
-pubkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
Jan F edc172 
+user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
Jan F edc172 
 {
Jan F edc172 
 	int rv;
Jan F edc172
Jan F edc172 
diff -up openssh-5.8p1/auth.h.audit2a openssh-5.8p1/auth.h
Jan F edc172 
--- openssh-5.8p1/auth.h.audit2a	2011-03-02 08:26:16.000000000 +0100
Jan F edc172 
+++ openssh-5.8p1/auth.h	2011-03-02 08:26:17.000000000 +0100
Jan F edc172 
@@ -170,7 +170,7 @@ void	abandon_challenge_response(Authctxt
Jan F edc172 
 char	*authorized_keys_file(struct passwd *);
Jan F edc172 
 char	*authorized_keys_file2(struct passwd *);
Jan F edc172 
 char	*authorized_principals_file(struct passwd *);
Jan F edc172 
-int	 pubkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
Jan F edc172 
+int	 user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
Jan F edc172
Jan F edc172 
 FILE	*auth_openkeyfile(const char *, struct passwd *, int);
Jan F edc172 
 FILE	*auth_openprincipals(const char *, struct passwd *, int);
Jan F edc172 
@@ -186,7 +186,7 @@ Key	*get_hostkey_public_by_type(int);
Jan F edc172 
 Key	*get_hostkey_private_by_type(int);
Jan F edc172 
 int	 get_hostkey_index(Key *);
Jan F edc172 
 int	 ssh1_session_key(BIGNUM *);
Jan F edc172 
-int	 hostkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
Jan F edc172 
+int	 hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
Jan F edc172
Jan F edc172 
 /* debug messages during authentication */
Jan F edc172 
 void	 auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
Jan F edc172 
diff -up openssh-5.8p1/monitor.c.audit2a openssh-5.8p1/monitor.c
Jan F edc172 
--- openssh-5.8p1/monitor.c.audit2a	2011-03-02 08:26:17.000000000 +0100
Jan F edc172 
+++ openssh-5.8p1/monitor.c	2011-03-02 08:26:17.000000000 +0100
Jan F edc172 
@@ -1208,9 +1208,11 @@ mm_answer_keyverify(int sock, Buffer *m)
Jan F edc172 
 	Key *key;
Jan F edc172 
 	u_char *signature, *data, *blob;
Jan F edc172 
 	u_int signaturelen, datalen, bloblen;
Jan F edc172 
+	int type = 0;
Jan F edc172 
 	int verified = 0;
Jan F edc172 
 	int valid_data = 0;
Jan F edc172
Jan F edc172 
+	type = buffer_get_int(m);
Jan F edc172 
 	blob = buffer_get_string(m, &bloblen);
Jan F edc172 
 	signature = buffer_get_string(m, &signaturelen);
Jan F edc172 
 	data = buffer_get_string(m, &datalen);
Jan F edc172 
@@ -1218,6 +1220,8 @@ mm_answer_keyverify(int sock, Buffer *m)
Jan F edc172 
 	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
Jan F edc172 
 	  !monitor_allowed_key(blob, bloblen))
Jan F edc172 
 		fatal("%s: bad key, not previously allowed", __func__);
Jan F edc172 
+	if (type != key_blobtype)
Jan F edc172 
+		fatal("%s: bad key type", __func__);
Jan F edc172
Jan F edc172 
 	key = key_from_blob(blob, bloblen);
Jan F edc172 
 	if (key == NULL)
Jan F edc172 
@@ -1240,10 +1244,10 @@ mm_answer_keyverify(int sock, Buffer *m)
Jan F edc172
Jan F edc172 
 	switch (key_blobtype) {
Jan F edc172 
 	case MM_USERKEY:
Jan F edc172 
-		verified = pubkey_key_verify(key, signature, signaturelen, data, datalen);
Jan F edc172 
+		verified = user_key_verify(key, signature, signaturelen, data, datalen);
Jan F edc172 
 		break;
Jan F edc172 
 	case MM_HOSTKEY:
Jan F edc172 
-		verified = hostkey_key_verify(key, signature, signaturelen, data, datalen);
Jan F edc172 
+		verified = hostbased_key_verify(key, signature, signaturelen, data, datalen);
Jan F edc172 
 		break;
Jan F edc172 
 	default:
Jan F edc172 
 		verified = 0;
Jan F edc172 
diff -up openssh-5.8p1/monitor_wrap.c.audit2a openssh-5.8p1/monitor_wrap.c
Jan F edc172 
--- openssh-5.8p1/monitor_wrap.c.audit2a	2011-03-02 08:26:16.000000000 +0100
Jan F edc172 
+++ openssh-5.8p1/monitor_wrap.c	2011-03-02 08:26:17.000000000 +0100
Jan F edc172 
@@ -393,7 +393,7 @@ mm_key_allowed(enum mm_keytype type, cha
Jan F edc172 
  */
Jan F edc172
Jan F edc172 
 int
Jan F edc172 
-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
Jan F edc172 
+mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
Jan F edc172 
 {
Jan F edc172 
 	Buffer m;
Jan F edc172 
 	u_char *blob;
Jan F edc172 
@@ -407,6 +407,7 @@ mm_key_verify(Key *key, u_char *sig, u_i
Jan F edc172 
 		return (0);
Jan F edc172
Jan F edc172 
 	buffer_init(&m);
Jan F edc172 
+	buffer_put_int(&m, type);
Jan F edc172 
 	buffer_put_string(&m, blob, len);
Jan F edc172 
 	buffer_put_string(&m, sig, siglen);
Jan F edc172 
 	buffer_put_string(&m, data, datalen);
Jan F edc172 
@@ -424,6 +425,19 @@ mm_key_verify(Key *key, u_char *sig, u_i
Jan F edc172 
 	return (verified);
Jan F edc172 
 }
Jan F edc172
Jan F edc172 
+int
Jan F edc172 
+mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
Jan F edc172 
+{
Jan F edc172 
+	return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen);
Jan F edc172 
+}
Jan F edc172 
+
Jan F edc172 
+int
Jan F edc172 
+mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
Jan F edc172 
+{
Jan F edc172 
+	return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen);
Jan F edc172 
+}
Jan F edc172 
+
Jan F edc172 
+
Jan F edc172 
 /* Export key state after authentication */
Jan F edc172 
 Newkeys *
Jan F edc172 
 mm_newkeys_from_blob(u_char *blob, int blen)
Jan F edc172 
diff -up openssh-5.8p1/monitor_wrap.h.audit2a openssh-5.8p1/monitor_wrap.h
Jan F edc172 
--- openssh-5.8p1/monitor_wrap.h.audit2a	2011-03-02 08:26:16.000000000 +0100
Jan F edc172 
+++ openssh-5.8p1/monitor_wrap.h	2011-03-02 08:26:17.000000000 +0100
Jan F edc172 
@@ -48,7 +48,8 @@ int mm_key_allowed(enum mm_keytype, char
Jan F edc172 
 int mm_user_key_allowed(struct passwd *, Key *);
Jan F edc172 
 int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
Jan F edc172 
 int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
Jan F edc172 
-int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
Jan F edc172 
+int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int);
Jan F edc172 
+int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int);
Jan F edc172 
 int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
Jan F edc172 
 int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
Jan F edc172 
 BIGNUM *mm_auth_rsa_generate_challenge(Key *);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation