
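--- a/monitor.c
+++ b/monitor.c
@@ -875,6 +875,34 @@ mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
 	return (authok != 0);
 }
 
+/*
+ * Check that the key type appears in the supplied pattern list, ignoring
+ * mismastches in the signature algorithm. (Signature algorithm checks are
+ * performed in the unprivileged authentication code).
+ * Returns 1 on success, 0 otherwise.
+ */
+static int
+key_base_type_match(const struct sshkey *key, const char *list)
+{
+	char *s, *l, *ol = xstrdup(list);
+	int found = 0;
+
+	l = ol;
+	for ((s = strsep(&l, ",")); s && *s != '\0'; (s = strsep(&l, ","))) {
+		if (sshkey_type_from_name(s) == key->type) {
+			found = 1;
+			break;
+		}
+	}
+	if (!found) {
+		debug("key type %s does not appear in list %s",
+		    sshkey_ssh_name(key), list);
+	}
+
+	free(ol);
+	return found;
+}
+
 int
 mm_answer_keyallowed(int sock, struct sshbuf *m)
 {
@@ -909,8 +937,8 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
 				break;
 			if (auth2_key_already_used(authctxt, key))
 				break;
-			if (match_pattern_list(sshkey_ssh_name(key),
-			    options.pubkey_key_types, 0) != 1)
+			if (!key_base_type_match(key,
+			    options.pubkey_key_types))
 				break;
 			allowed = user_key_allowed(ssh, authctxt->pw, key,
 			    pubkey_auth_attempt, &opts);
@@ -921,8 +949,8 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
 				break;
 			if (auth2_key_already_used(authctxt, key))
 				break;
-			if (match_pattern_list(sshkey_ssh_name(key),
-			    options.hostbased_key_types, 0) != 1)
+			if (!key_base_type_match(key,
+			    options.hostbased_key_types))
 				break;
 			allowed = hostbased_key_allowed(authctxt->pw,
 			    cuser, chost, key);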
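Review bot: In key_base_type_match the test `sshkey_type_from_name(s) == key->type` treats every list entry as a literal key name, so a wildcard or negated entry (which the replaced `match_pattern_list` calls honoured) will presumably never match, and any names that map to the same base type are no longer told apart by the monitor. The header comment says the algorithm check now lives only in the unprivileged code, so the privileged side of both call sites in mm_answer_keyallowed enforces less than before. The comment should say so, e.g. `* NB: entries are compared by key type only; patterns are not expanded here.`, once it is confirmed that the option lists reach the monitor already expanded. The loop condition `s && *s != '\0'` also stops at the first empty element, so entries after a stray `,,` are silently ignored. The refusal is logged with `debug()`, which hides rejected keys at default log levels; a higher level would make these policy denials visible to operators. The body of mm_answer_keyallowed lies mostly outside the hunks.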
