authorMatt Johnston <matt@ucc.asn.au>2018-08-23 23:43:12 +0800
committerMatt Johnston <matt@ucc.asn.au>2018-08-23 23:43:12 +0800
commit52adbb34c32d3e2e1bcdb941e20a6f81138b8248 (patch)
tree9df84dc409fa0f2a6ed2d9a75d40f31f68a73bbe /svr-authpubkey.c
parent90f04384eeb0a80b9f5ee19823702a612ba1653d (diff)
Wait to fail invalid usernames
Diffstat (limited to 'svr-authpubkey.c')
-rw-r--r--svr-authpubkey.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index aa6087c..ff481c8 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -79,7 +79,7 @@ static int checkfileperm(char * filename);
/* process a pubkey auth request, sending success or failure message as
* appropriate */
-void svr_auth_pubkey() {
+void svr_auth_pubkey(int valid_user) {
unsigned char testkey; /* whether we're just checking if a key is usable */
char* algo = NULL; /* pubkey algo */
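Review bot: The header comment above `svr_auth_pubkey` says nothing about the new `valid_user` argument. From the signature alone a reader cannot tell that a zero value means the request is still parsed and then rejected, which is what the second hunk implements. I would extend the comment with `valid_user is 0 when the requested username was not accepted; the packet is still read, then failure is sent`. The function body continues outside this hunk, and the caller that supplies the flag is not part of this diff.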
@@ -102,6 +102,15 @@ void svr_auth_pubkey() {
keybloblen = buf_getint(ses.payload);
keyblob = buf_getptr(ses.payload, keybloblen);
+ if (!valid_user) {
+ /* Return failure once we have read the contents of the packet
+ required to validate a public key.
+ Avoids blind user enumeration though it isn't possible to prevent
+ testing for user existence if the public key is known */
+ send_msg_userauth_failure(0, 0);
+ goto out;
+ }
+
/* check if the key is valid */
if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) {
send_msg_userauth_failure(0, 0);
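Review bot: The early `!valid_user` return skips `checkpubkey()`, so an invalid user is rejected without whatever key lookup a valid user with an unrecognised key goes through, and the two failures may still differ in response time. Both paths call `send_msg_userauth_failure(0, 0)`, so the reply on the wire matches and only the work done before it differs. The body of `checkpubkey()` is not visible here, so the size of that gap is an assumption to confirm by measurement. I would at least record it in the new comment, e.g. `Response time may still differ from the valid-user path, which runs checkpubkey()`. The `out` label and the rest of `svr_auth_pubkey` lie outside the hunk, so cleanup on this path cannot be checked from here.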