- markus@cvs.openbsd.org 2001/04/18 23:43:26

     [auth2.c compat.c sshconnect2.c]
     more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
     (however the 2.1.0 server seems to work only if debug is enabled...)

diff --git a/ChangeLog b/ChangeLog
index b7a4662c45cb5ca967acf5a31b7a113d70b6d22e..f35aaffff28944ee9a2bd3fc4fb8328a6a0583af 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
    - markus@cvs.openbsd.org 2001/04/18 22:48:26
      [auth2.c]                                 
      no longer const                           
+   - markus@cvs.openbsd.org 2001/04/18 23:43:26                          
+     [auth2.c compat.c sshconnect2.c]                                    
+     more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now      
+     (however the 2.1.0 server seems to work only if debug is enabled...)
 
 20010418
   - OpenBSD CVS Sync                            

diff --git a/auth2.c b/auth2.c
index 5db8f8d5d85e0899dbfc6f5020679e7bc65a328a..1abb01d2aba3221d387d249bf143d23180e8872b 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.54 2001/04/18 22:48:26 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.55 2001/04/18 23:43:25 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -534,8 +534,7 @@ userauth_hostbased(Authctxt *authctxt)
 {
        Buffer b;
        Key *key;
-       char *pkalg, *pkblob, *sig;
-       char *cuser, *chost;
+       char *pkalg, *pkblob, *sig, *cuser, *chost, *service;
        u_int alen, blen, slen;
        int pktype;
        int authenticated = 0;
@@ -571,21 +570,14 @@ userauth_hostbased(Authctxt *authctxt)
                debug("userauth_hostbased: cannot decode key: %s", pkalg);
                goto done;
        }
+       service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
+           authctxt->service;
        buffer_init(&b);
-       if (datafellows & SSH_OLD_SESSIONID) {
-               buffer_append(&b, session_id2, session_id2_len);
-       } else {
-               buffer_put_string(&b, session_id2, session_id2_len);
-       }
-       if (datafellows & SSH_BUG_HBSERVICE)
-               debug("SSH_BUG_HBSERVICE");
+       buffer_put_string(&b, session_id2, session_id2_len);
        /* reconstruct packet */
        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
        buffer_put_cstring(&b, authctxt->user);
-       buffer_put_cstring(&b,
-           datafellows & SSH_BUG_HBSERVICE ?
-           "ssh-userauth" :
-           authctxt->service);
+       buffer_put_cstring(&b, service);
        buffer_put_cstring(&b, "hostbased");
        buffer_put_string(&b, pkalg, alen);
        buffer_put_string(&b, pkblob, blen);

diff --git a/compat.c b/compat.c
index 4bdc6c6b3fa37f6fe704bd4b59ec0e6cc2dcb307..f5eeda0eb6f33909045810e154803f59c2ac74a1 100644 (file)
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.46 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.47 2001/04/18 23:43:25 markus Exp $");
 
 #ifdef HAVE_LIBPCRE
 #  include <pcreposix.h>
@@ -92,7 +92,8 @@ compat_datafellows(const char *version)
                { "^2\\.0\\.1[3-9]",    SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
-                                       SSH_BUG_PKOK|SSH_BUG_RSASIGMD5 },
+                                       SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
+                                       SSH_BUG_HBSERVICE },
                { "^2\\.0\\.",          SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|

diff --git a/sshconnect2.c b/sshconnect2.c
index ac3ad013bbc9e19445a59926b552b91a0ea3f32b..14e3d401a78aa77752807c64e2e043c11465b99b 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.71 2001/04/18 22:03:45 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.72 2001/04/18 23:43:26 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -815,6 +815,7 @@ userauth_hostbased(Authctxt *authctxt)
        Buffer b;
        u_char *signature, *blob;
        char *chost, *pkalg, *p;
+       const char *service;
        u_int blen, slen;
        int ok, i, len, found = 0;
 
@@ -847,20 +848,15 @@ userauth_hostbased(Authctxt *authctxt)
                xfree(chost);
                return 0;
        }
+       service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
+           authctxt->service;
        pkalg = xstrdup(key_ssh_name(private));
        buffer_init(&b);
-       if (datafellows & SSH_OLD_SESSIONID) {
-               buffer_append(&b, session_id2, session_id2_len);
-       } else {
-               buffer_put_string(&b, session_id2, session_id2_len);
-       }
        /* construct data */
+       buffer_put_string(&b, session_id2, session_id2_len);
        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
        buffer_put_cstring(&b, authctxt->server_user);
-       buffer_put_cstring(&b,
-           datafellows & SSH_BUG_HBSERVICE ?
-           "ssh-userauth" :
-           authctxt->service);
+       buffer_put_cstring(&b, service);
        buffer_put_cstring(&b, authctxt->method->name);
        buffer_put_cstring(&b, pkalg);
        buffer_put_string(&b, blob, blen);