comparison svr-authpubkey.c @ 1617:1fbe598a14fb
Merge bugfix delay invalid users
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 23 Aug 2018 23:43:45 +0800 |
parents | dc7c9fdb3716 5d2d1021ca00 |
children | 9579377b5f8b |
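--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -77,11 +77,11 @@
 const unsigned char* keyblob, unsigned int keybloblen);
 static int checkfileperm(char * filename);
 
 /* process a pubkey auth request, sending success or failure message as
 * appropriate */
-void svr_auth_pubkey() {
+void svr_auth_pubkey(int valid_user) {
 
 unsigned char testkey; /* whether we're just checking if a key is usable */
 char* algo = NULL; /* pubkey algo */
 unsigned int algolen;
 unsigned char* keyblob = NULL;
@@ -99,10 +99,19 @@
 testkey = (buf_getbool(ses.payload) == 0);
 
 algo = buf_getstring(ses.payload, &algolen);
 keybloblen = buf_getint(ses.payload);
 keyblob = buf_getptr(ses.payload, keybloblen);
+
+if (!valid_user) {
+/* Return failure once we have read the contents of the packet
+required to validate a public key.
+Avoids blind user enumeration though it isn't possible to prevent
+testing for user existence if the public key is known */
+send_msg_userauth_failure(0, 0);
+goto out;
+}
 
 /* check if the key is valid */
 if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
 send_msg_userauth_failure(0, 0);
 goto out;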
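Review bot: The new `!valid_user` branch (new lines 105-112) returns before `checkpubkey()` is called, so a request for an unknown user skips whatever key-lookup work a known user with an unrecognised key still pays for; the two replies are identical on the wire but may not take the same time. The commit title suggests a delay for invalid users is applied elsewhere, presumably in the failure path, which is not visible in this section. I would record that dependency in the comment once confirmed, for example by appending `Response timing is equalised by the delay applied in the failure path, not in this branch`. Both failure calls pass `(0, 0)`, which keeps the invalid-user reply indistinguishable from the unknown-key reply and should stay in step if either call changes. The body of `svr_auth_pubkey` continues past the end of the section, including the `out:` label both branches jump to.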