diff options
| author | Damien Miller <djm@mindrot.org> | 2000-03-26 13:04:51 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-03-26 13:04:51 +1000 |
| commit | 450a7a1ff40fe7c2d84c93b83cf2df53445d807d (patch) | |
| tree | db6d08bdea65edd34ba2e323a31e2b1ca5e5fbd4 /auth-rh-rsa.c | |
| parent | 2c9279fa667827384fceb243f890cba1dbe480de (diff) | |
- OpenBSD CVS update
- [auth-krb4.c]
-Wall
- [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
[match.h ssh.c ssh.h sshconnect.c sshd.c]
initial support for DSA keys. ok deraadt@, niels@
- [cipher.c cipher.h]
remove unused cipher_attack_detected code
- [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
Fix some formatting problems I missed before.
- [ssh.1 sshd.8]
fix spelling errors, From: FreeBSD
- [ssh.c]
switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
Diffstat (limited to 'auth-rh-rsa.c')
| -rw-r--r-- | auth-rh-rsa.c | 49 |
1 files changed, 33 insertions, 16 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 1392455c..19782577 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -15,7 +15,18 @@ */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $"); +RCSID("$Id: auth-rh-rsa.c,v 1.8 2000/03/26 03:04:52 damien Exp $"); + +#ifdef HAVE_OPENSSL +#include <openssl/bn.h> +#include <openssl/rsa.h> +#include <openssl/dsa.h> +#endif +#ifdef HAVE_SSL +#include <ssl/bn.h> +#include <ssl/rsa.h> +#include <ssl/dsa.h> +#endif #include "packet.h" #include "ssh.h" @@ -23,37 +34,44 @@ RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $"); #include "uidswap.h" #include "servconf.h" +#include "key.h" +#include "hostfile.h" + /* * Tries to authenticate the user using the .rhosts file and the host using * its host key. Returns true if authentication succeeds. */ int -auth_rhosts_rsa(struct passwd *pw, const char *client_user, - BIGNUM *client_host_key_e, BIGNUM *client_host_key_n) +auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key) { extern ServerOptions options; const char *canonical_hostname; HostStatus host_status; - BIGNUM *ke, *kn; + Key *client_key, *found; debug("Trying rhosts with RSA host authentication for %.100s", client_user); + if (client_host_key == NULL) + return 0; + /* Check if we would accept it using rhosts authentication. */ if (!auth_rhosts(pw, client_user)) return 0; canonical_hostname = get_canonical_hostname(); - debug("Rhosts RSA authentication: canonical host %.900s", - canonical_hostname); + debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); + + /* wrap the RSA key into a 'generic' key */ + client_key = key_new(KEY_RSA); + BN_copy(client_key->rsa->e, client_host_key->e); + BN_copy(client_key->rsa->n, client_host_key->n); + found = key_new(KEY_RSA); /* Check if we know the host and its host key. */ - ke = BN_new(); - kn = BN_new(); host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname, - client_host_key_e, client_host_key_n, - ke, kn); + client_key, found); /* Check user host file unless ignored. */ if (host_status != HOST_OK && !options.ignore_user_known_hosts) { @@ -73,14 +91,13 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, /* XXX race between stat and the following open() */ temporarily_use_uid(pw->pw_uid); host_status = check_host_in_hostfile(user_hostfile, canonical_hostname, - client_host_key_e, client_host_key_n, - ke, kn); + client_key, found); restore_uid(); } xfree(user_hostfile); } - BN_free(ke); - BN_free(kn); + key_free(client_key); + key_free(found); if (host_status != HOST_OK) { debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); @@ -90,7 +107,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, /* A matching host key was found and is known. */ /* Perform the challenge-response dialog with the client for the host key. */ - if (!auth_rsa_challenge_dialog(client_host_key_e, client_host_key_n)) { + if (!auth_rsa_challenge_dialog(client_host_key)) { log("Client on %.800s failed to respond correctly to host authentication.", canonical_hostname); return 0; @@ -101,7 +118,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, */ verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", - pw->pw_name, client_user, canonical_hostname); + pw->pw_name, client_user, canonical_hostname); packet_send_debug("Rhosts with RSA host authentication accepted."); return 1; } |