- markus@cvs.openbsd.org 2001/04/18 23:43:26
[auth2.c compat.c sshconnect2.c]
more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
(however the 2.1.0 server seems to work only if debug is enabled...)
diff --git a/ChangeLog b/ChangeLog
index c1bbc6a..488b1e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
- markus@cvs.openbsd.org 2001/04/18 22:48:26
[auth2.c]
no longer const
+ - markus@cvs.openbsd.org 2001/04/18 23:43:26
+ [auth2.c compat.c sshconnect2.c]
+ more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
+ (however the 2.1.0 server seems to work only if debug is enabled...)
20010418
- OpenBSD CVS Sync
@@ -5174,4 +5178,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1143 2001/04/19 20:38:06 mouring Exp $
+$Id: ChangeLog,v 1.1144 2001/04/19 20:40:45 mouring Exp $
diff --git a/auth2.c b/auth2.c
index 5db8f8d..1abb01d 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.54 2001/04/18 22:48:26 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.55 2001/04/18 23:43:25 markus Exp $");
#include <openssl/evp.h>
@@ -534,8 +534,7 @@
{
Buffer b;
Key *key;
- char *pkalg, *pkblob, *sig;
- char *cuser, *chost;
+ char *pkalg, *pkblob, *sig, *cuser, *chost, *service;
u_int alen, blen, slen;
int pktype;
int authenticated = 0;
@@ -571,21 +570,14 @@
debug("userauth_hostbased: cannot decode key: %s", pkalg);
goto done;
}
+ service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
+ authctxt->service;
buffer_init(&b);
- if (datafellows & SSH_OLD_SESSIONID) {
- buffer_append(&b, session_id2, session_id2_len);
- } else {
- buffer_put_string(&b, session_id2, session_id2_len);
- }
- if (datafellows & SSH_BUG_HBSERVICE)
- debug("SSH_BUG_HBSERVICE");
+ buffer_put_string(&b, session_id2, session_id2_len);
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->user);
- buffer_put_cstring(&b,
- datafellows & SSH_BUG_HBSERVICE ?
- "ssh-userauth" :
- authctxt->service);
+ buffer_put_cstring(&b, service);
buffer_put_cstring(&b, "hostbased");
buffer_put_string(&b, pkalg, alen);
buffer_put_string(&b, pkblob, blen);
diff --git a/compat.c b/compat.c
index 4bdc6c6..f5eeda0 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.46 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.47 2001/04/18 23:43:25 markus Exp $");
#ifdef HAVE_LIBPCRE
# include <pcreposix.h>
@@ -92,7 +92,8 @@
{ "^2\\.0\\.1[3-9]", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
- SSH_BUG_PKOK|SSH_BUG_RSASIGMD5 },
+ SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
+ SSH_BUG_HBSERVICE },
{ "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
diff --git a/sshconnect2.c b/sshconnect2.c
index ac3ad01..14e3d40 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.72 2001/04/18 23:43:26 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -815,6 +815,7 @@
Buffer b;
u_char *signature, *blob;
char *chost, *pkalg, *p;
+ const char *service;
u_int blen, slen;
int ok, i, len, found = 0;
@@ -847,20 +848,15 @@
xfree(chost);
return 0;
}
+ service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
+ authctxt->service;
pkalg = xstrdup(key_ssh_name(private));
buffer_init(&b);
- if (datafellows & SSH_OLD_SESSIONID) {
- buffer_append(&b, session_id2, session_id2_len);
- } else {
- buffer_put_string(&b, session_id2, session_id2_len);
- }
/* construct data */
+ buffer_put_string(&b, session_id2, session_id2_len);
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
buffer_put_cstring(&b, authctxt->server_user);
- buffer_put_cstring(&b,
- datafellows & SSH_BUG_HBSERVICE ?
- "ssh-userauth" :
- authctxt->service);
+ buffer_put_cstring(&b, service);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_cstring(&b, pkalg);
buffer_put_string(&b, blob, blen);