
options: Add option to set server accepted pubkey types

The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows
restricting the allowed public key types accepted by the server for
authentication.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Anderson Toshiyuki Sasaki
2019-05-15 11:48:49 +02:00
committed by Andreas Schneider
parent bc95a51710
commit f4363f5655
7 changed files with 136 additions and 11 deletions


@@ -868,11 +868,28 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
msg->auth_request.pubkey,
&sig);
if (rc == SSH_OK) {
rc = ssh_pki_signature_verify(session,
sig,
msg->auth_request.pubkey,
ssh_buffer_get(digest),
ssh_buffer_get_len(digest));
/* Check if the signature from client matches server preferences */
if (session->opts.pubkey_accepted_types) {
if (!ssh_match_group(session->opts.pubkey_accepted_types,
sig->type_c))
{
ssh_set_error(session,
SSH_FATAL,
"Public key from client (%s) doesn't match server "
"preference (%s)",
sig->type_c,
session->opts.pubkey_accepted_types);
rc = SSH_ERROR;
}
}
if (rc == SSH_OK) {
rc = ssh_pki_signature_verify(session,
sig,
msg->auth_request.pubkey,
ssh_buffer_get(digest),
ssh_buffer_get_len(digest));
}
}
ssh_string_free(sig_blob);
ssh_buffer_free(digest);
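Review bot: The new allow-list check in the `rc == SSH_OK` branch matches on `sig->type_c`, the algorithm name taken from the client's signature blob, and it runs only when a signature is present. Nothing in this hunk shows the same filter applied to a request that offers a key without a signature, so that path should be confirmed to honour `pubkey_accepted_types` as well. A comment stating the ordering intent would help the next reader, e.g. `/* Reject disallowed algorithms before verification so they never reach ssh_pki_signature_verify() */`. Reporting the mismatch as `SSH_FATAL` also looks heavier than an ordinary rejected authentication attempt; `SSH_REQUEST_DENIED` may fit better, depending on how `rc` is handled after the hunk. The enclosing callback starts and ends outside the hunk.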