make ssh hostbased authentication send the signature algorithm in

its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.

spotted with dtucker@ ok markus@

diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 57b7148..ded9fc2 100644 (file)
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.342 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.343 2021/01/25 06:00:17 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -2170,7 +2170,7 @@ userauth_hostbased(struct ssh *ssh)
            (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
-           (r = sshbuf_put_cstring(b, sshkey_ssh_name(private))) != 0 ||
+           (r = sshbuf_put_cstring(b, authctxt->active_ktype)) != 0 ||
            (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
            (r = sshbuf_put_cstring(b, chost)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) {
@@ -2191,7 +2191,7 @@ userauth_hostbased(struct ssh *ssh)
            (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
-           (r = sshpkt_put_cstring(ssh, sshkey_ssh_name(private))) != 0 ||
+           (r = sshpkt_put_cstring(ssh, authctxt->active_ktype)) != 0 ||
            (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 ||
            (r = sshpkt_put_cstring(ssh, chost)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 ||