Diffstat (limited to 'auth2-hostbased.c')
| -rw-r--r-- | auth2-hostbased.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 359393291def..764ceff74ee6 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -79,7 +79,7 @@ userauth_hostbased(struct ssh *ssh)
 cuser, chost, pkalg, slen);
 #ifdef DEBUG_PK
 debug("signature:");
- sshbuf_dump_data(sig, siglen, stderr);
+ sshbuf_dump_data(sig, slen, stderr);
 #endif
 pktype = sshkey_type_from_name(pkalg);
 if (pktype == KEY_UNSPEC) {
@@ -112,6 +112,13 @@ userauth_hostbased(struct ssh *ssh)
 __func__, sshkey_type(key));
 goto done;
 }
+ if ((r = sshkey_check_cert_sigtype(key,
+ options.ca_sign_algorithms)) != 0) {
+ logit("%s: certificate signature algorithm %s: %s", __func__,
+ (key->cert == NULL || key->cert->signature_type == NULL) ?
+ "(null)" : key->cert->signature_type, ssh_err(r));
+ goto done;
+ }
 if (!authctxt->valid || authctxt->user == NULL) {
 debug2("%s: disabled because of invalid user",
 __func__); |
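Review bot: The new `sshkey_check_cert_sigtype()` gate in the `-112,6 +112,13` hunk has no comment stating which policy it enforces or that any non-zero result is meant to refuse the key. I would add above it `/* Reject certificates whose CA signature algorithm is not in options.ca_sign_algorithms; any error refuses the key (fail closed). */`. The `key->cert == NULL` guard in the `logit` arguments suggests plain, non-certificate keys also reach this call, so the comment should state how they are treated; that depends on `sshkey_check_cert_sigtype()`, whose body is not on this page. The rejection message names only the algorithm and the error, so adding `chost` (seen in the `-79,7` hunk, presumably still in scope) would help tie a refusal to a client during triage, provided the logging layer escapes client-supplied strings. `userauth_hostbased()` begins and ends outside the hunk.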
