diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2021-12-19 22:13:33 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2021-12-20 09:28:07 +1100 |
| commit | baaff0ff4357cc5a079621ba6e2d7e247b765061 (patch) | |
| tree | 92e404751fb6cefc918184c536001fb6aaefffe4 /ssh-agent.c | |
| parent | 3e16365a79cdeb2d758cf1da6051b1c5266ceed7 (diff) | |
| download | openssh-git-baaff0ff4357cc5a079621ba6e2d7e247b765061.tar.gz | |
upstream: agent support for parsing hostkey-bound signatures
Allow parse_userauth_request() to work with blobs from
publickey-hostbound-v00@openssh.com userauth attempts.
Extract hostkey from these blobs.
ok markus@
OpenBSD-Commit-ID: 81c064255634c1109477dc65c3e983581d336df8
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index 346dae3d..6f7fa2c7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.281 2021/12/19 22:11:39 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.282 2021/12/19 22:13:33 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -567,22 +567,24 @@ agent_decode_alg(struct sshkey *key, u_int flags) * request, checking its contents for consistency and matching the embedded * key against the one that is being used for signing. * Note: does not modify msg buffer. - * Optionally extract the username and session ID from the request. + * Optionally extract the username, session ID and/or hostkey from the request. */ static int parse_userauth_request(struct sshbuf *msg, const struct sshkey *expected_key, - char **userp, struct sshbuf **sess_idp) + char **userp, struct sshbuf **sess_idp, struct sshkey **hostkeyp) { struct sshbuf *b = NULL, *sess_id = NULL; char *user = NULL, *service = NULL, *method = NULL, *pkalg = NULL; int r; u_char t, sig_follows; - struct sshkey *mkey = NULL; + struct sshkey *mkey = NULL, *hostkey = NULL; if (userp != NULL) *userp = NULL; if (sess_idp != NULL) *sess_idp = NULL; + if (hostkeyp != NULL) + *hostkeyp = NULL; if ((b = sshbuf_fromb(msg)) == NULL) fatal_f("sshbuf_fromb"); @@ -609,7 +611,10 @@ parse_userauth_request(struct sshbuf *msg, const struct sshkey *expected_key, r = SSH_ERR_INVALID_FORMAT; goto out; } - if (strcmp(method, "publickey") != 0) { + if (strcmp(method, "publickey-hostbound-v00@openssh.com") == 0) { + if ((r = sshkey_froms(b, &hostkey)) != 0) + goto out; + } else if (strcmp(method, "publickey") != 0) { r = SSH_ERR_INVALID_FORMAT; goto out; } @@ -628,6 +633,10 @@ parse_userauth_request(struct sshbuf *msg, const struct sshkey *expected_key, *sess_idp = sess_id; sess_id = NULL; } + if (hostkeyp != NULL) { + *hostkeyp = hostkey; + hostkey = NULL; + } out: sshbuf_free(b); sshbuf_free(sess_id); @@ -636,6 +645,7 @@ parse_userauth_request(struct sshbuf *msg, const struct sshkey *expected_key, free(method); free(pkalg); sshkey_free(mkey); + sshkey_free(hostkey); return r; } @@ -680,7 +690,7 @@ parse_sshsig_request(struct sshbuf *msg) static int check_websafe_message_contents(struct sshkey *key, struct sshbuf *data) { - if (parse_userauth_request(data, key, NULL, NULL) == 0) { + if (parse_userauth_request(data, key, NULL, NULL, NULL) == 0) { debug_f("signed data matches public key userauth request"); return 1; } @@ -747,7 +757,7 @@ process_sign_request2(SocketEntry *e) "to sign on unbound connection"); goto send; } - if (parse_userauth_request(data, key, &user, &sid) != 0) { + if (parse_userauth_request(data, key, &user, &sid, NULL) != 0) { logit_f("refusing use of destination-constrained key " "to sign an unidentified signature"); goto send; |