authorDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
committerDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
commit7e8e820153a620ab1dcd81857a7de0969c41d043 (patch)
tree226cc4185feae97f4069ad60b4c18d259aa5df2f /auth-rsa.c
parent4874c79a3a05fc18678d7a85d7091f5139630fac (diff)
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] the keysize of rsa-parameter 'n' is passed implicitly, a few more checks and warnings about 'pretended' keysizes. - [cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4 - [ssh.c] a note for legacy systems about security issues with permanently_set_uid(), the private hostkey and ptrace() - [sshconnect.c] more detailed messages about adding and checking hostkeys
Diffstat (limited to 'auth-rsa.c')
-rw-r--r--auth-rsa.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index cc76bf07..6041a321 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,7 +16,7 @@ validity of the host key.
*/
#include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.6 1999/11/12 23:51:58 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.7 1999/11/16 02:37:16 damien Exp $");
#include "rsa.h"
#include "packet.h"
@@ -61,7 +61,7 @@ extern unsigned char session_id[16];
our challenge; returns zero if the client gives a wrong answer. */
int
-auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
+auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
{
BIGNUM *challenge, *encrypted_challenge, *aux;
RSA *pk;
@@ -138,7 +138,7 @@ int
auth_rsa(struct passwd *pw, BIGNUM *client_n)
{
extern ServerOptions options;
- char line[8192];
+ char line[8192], file[1024];
int authenticated;
unsigned int bits;
FILE *f;
@@ -150,11 +150,11 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
temporarily_use_uid(pw->pw_uid);
/* The authorized keys. */
- snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir,
+ snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
SSH_USER_PERMITTED_KEYS);
/* Fail quietly if file does not exist */
- if (stat(line, &st) < 0)
+ if (stat(file, &st) < 0)
{
/* Restore the privileged uid. */
restore_uid();
@@ -162,12 +162,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
}
/* Open the file containing the authorized keys. */
- f = fopen(line, "r");
+ f = fopen(file, "r");
if (!f)
{
/* Restore the privileged uid. */
restore_uid();
- packet_send_debug("Could not open %.900s for reading.", line);
+ packet_send_debug("Could not open %.900s for reading.", file);
packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");
return 0;
}
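Review bot: The authorized-keys file is still checked by path and then opened by path, so the `st` filled by `stat(file, &st)` in the previous hunk may describe a different object than the one `fopen(file, "r")` returns here. The ownership and mode test in the next hunk (`st.st_uid`, `st.st_mode & 022`) relies on that `st`, which leaves a window between the check and the open. Since this commit already touches both calls, consider re-reading the metadata from the opened stream before the checks, e.g. `if (fstat(fileno(f), &st) < 0) { fclose(f); restore_uid(); return 0; }`. The body of auth_rsa continues outside this hunk, so whether a later re-check exists cannot be seen from here.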
@@ -180,7 +180,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
(st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0) {
snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "
- "bad ownership or modes for '%s'.", pw->pw_name, line);
+ "bad ownership or modes for '%s'.", pw->pw_name, file);
fail=1;
}else{
/* Check path to SSH_USER_PERMITTED_KEYS */
@@ -263,6 +263,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
}
/* cp now points to the comment part. */
+ /* check the real bits */
+ if (bits != BN_num_bits(n))
+ error("Warning: error in %s, line %d: keysize mismatch: "
+ "actual size %d vs. announced %d.",
+ file, linenum, BN_num_bits(n), bits);
+
/* Check if the we have found the desired key (identified by its
modulus). */
if (BN_cmp(n, client_n) != 0)
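Review bot: The new keysize warning prints `bits` with `%d` although an earlier hunk shows it declared as `unsigned int bits;`, and `bits != BN_num_bits(n)` compares it against an `int` return value. Use `%u` for the announced size and make the conversion explicit, e.g. `if (bits != (unsigned int)BN_num_bits(n))`. `linenum` is declared outside the visible hunks; if it is not a plain `int`, its `%d` needs the matching length modifier as well. The mismatch is only logged and the key still goes on to the `BN_cmp` test, so a short comment such as `/* warn only: the real size of n is what gets used below */` would make it clear that this is intended.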
@@ -271,7 +277,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
/* We have found the desired key. */
/* Perform the challenge-response dialog for this key. */
- if (!auth_rsa_challenge_dialog(bits, e, n))
+ if (!auth_rsa_challenge_dialog(e, n))
{
/* Wrong response. */
log("Wrong response to RSA authentication challenge.");