Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 4ce189d9108c62090a0dd5dea973d175328440db^! / . / monitor.c
commit4ce189d9108c62090a0dd5dea973d175328440db[log] [tgz]
authorDamien Miller <djm@mindrot.org>Tue Apr 23 15:17:52 2013 +1000
committerDamien Miller <djm@mindrot.org>Tue Apr 23 15:17:52 2013 +1000
tree94f59288486756c522514572f4d9962e865790b2
parent5cbec4c25954b184e43bf3d3ac09e65eb474f5f9 [diff] [blame]
   - djm@cvs.openbsd.org 2013/03/07 00:19:59
     [auth2-pubkey.c monitor.c]
     reconstruct the original username that was sent by the client, which may
     have included a style (e.g. "root:skey") when checking public key
     signatures. Fixes public key and hostbased auth when the client specified
     a style; ok markus@

diff --git a/monitor.c b/monitor.c
index 6560740..34d7e18 100644
--- a/monitor.c
+++ b/monitor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.121 2013/03/07 00:19:59 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1237,7 +1237,7 @@
 monitor_valid_userblob(u_char *data, u_int datalen)
 {
 	Buffer b;
-	char *p;
+	char *p, *userstyle;
 	u_int len;
 	int fail = 0;
 
@@ -1262,19 +1262,23 @@
 	}
 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
-	p = buffer_get_string(&b, NULL);
-	if (strcmp(authctxt->user, p) != 0) {
+	p = buffer_get_cstring(&b, NULL);
+	xasprintf(&userstyle, "%s%s%s", authctxt->user,
+	    authctxt->style ? ":" : "",
+	    authctxt->style ? authctxt->style : "");
+	if (strcmp(userstyle, p) != 0) {
 		logit("wrong user name passed to monitor: expected %s != %.100s",
-		    authctxt->user, p);
+		    userstyle, p);
 		fail++;
 	}
+	xfree(userstyle);
 	xfree(p);
 	buffer_skip_string(&b);
 	if (datafellows & SSH_BUG_PKAUTH) {
 		if (!buffer_get_char(&b))
 			fail++;
 	} else {
-		p = buffer_get_string(&b, NULL);
+		p = buffer_get_cstring(&b, NULL);
 		if (strcmp("publickey", p) != 0)
 			fail++;
 		xfree(p);
@@ -1294,7 +1298,7 @@
     char *chost)
 {
 	Buffer b;
-	char *p;
+	char *p, *userstyle;
 	u_int len;
 	int fail = 0;
 
@@ -1310,15 +1314,19 @@
 
 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
-	p = buffer_get_string(&b, NULL);
-	if (strcmp(authctxt->user, p) != 0) {
+	p = buffer_get_cstring(&b, NULL);
+	xasprintf(&userstyle, "%s%s%s", authctxt->user,
+	    authctxt->style ? ":" : "",
+	    authctxt->style ? authctxt->style : "");
+	if (strcmp(userstyle, p) != 0) {
 		logit("wrong user name passed to monitor: expected %s != %.100s",
-		    authctxt->user, p);
+		    userstyle, p);
 		fail++;
 	}
+	free(userstyle);
 	xfree(p);
 	buffer_skip_string(&b);	/* service */
-	p = buffer_get_string(&b, NULL);
+	p = buffer_get_cstring(&b, NULL);
 	if (strcmp(p, "hostbased") != 0)
 		fail++;
 	xfree(p);