authorDamien Miller <djm@mindrot.org>2001-12-21 12:52:39 +1100
committerDamien Miller <djm@mindrot.org>2001-12-21 12:52:39 +1100
commit89681214ca2f50a1b1ed6164c3afe1ce14995ffc (patch)
tree0a927c128f598f52d139b89c4f3e48a7658c54a4
parentda9edcabf8b153ff5cb3b681e34a367404f0c0dc (diff)
- jakob@cvs.openbsd.org 2001/12/18 10:06:24
[auth-rsa.c] log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
-rw-r--r--ChangeLog6
-rw-r--r--auth-rsa.c28
2 files changed, 22 insertions, 12 deletions
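--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
  - jakob@cvs.openbsd.org 2001/12/18 10:05:15
    [auth2.c]
    log fingerprint on successful public key authentication; ok markus@
+ - jakob@cvs.openbsd.org 2001/12/18 10:06:24
+   [auth-rsa.c]
+   log fingerprint on successful public key authentication, simplify
+   usage of key structs; ok markus@
 
 20011219
  - (stevesk) OpenBSD CVS sync X11 localhost display
@@ -7052,4 +7056,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1699 2001/12/21 01:48:54 djm Exp $
+$Id: ChangeLog,v 1.1700 2001/12/21 01:52:39 djm Exp $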
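--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.45 2001/11/29 22:08:48 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.46 2001/12/18 10:06:24 jakob Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -31,6 +31,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.45 2001/11/29 22:08:48 markus Exp $");
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
+#include "hostfile.h"
 
 /* import */
 extern ServerOptions options;
@@ -128,7 +129,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 	FILE *f;
 	u_long linenum = 0;
 	struct stat st;
-	RSA *pk;
+	Key *key;
+	char *fp;
 
 	/* no user given */
 	if (pw == NULL)
@@ -170,9 +172,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 	/* Flag indicating whether authentication has succeeded. */
 	authenticated = 0;
 
-	pk = RSA_new();
-	pk->e = BN_new();
-	pk->n = BN_new();
+	key = key_new(KEY_RSA1);
 
 	/*
 	 * Go though the accepted keys, looking for the current key. If
@@ -210,7 +210,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 		options = NULL;
 
 		/* Parse the key from the line. */
-		if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
+		if (hostfile_read_key(&cp, &bits, key) == 0) {
 			debug("%.100s, line %lu: non ssh1 key syntax",
 			    file, linenum);
 			continue;
@@ -218,14 +218,14 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 		/* cp now points to the comment part. */
 
 		/* Check if the we have found the desired key (identified by its modulus). */
-		if (BN_cmp(pk->n, client_n) != 0)
+		if (BN_cmp(key->rsa->n, client_n) != 0)
 			continue;
 
 		/* check the real bits */
-		if (bits != BN_num_bits(pk->n))
+		if (bits != BN_num_bits(key->rsa->n))
 			log("Warning: %s, line %lu: keysize mismatch: "
 			    "actual %d vs. announced %d.",
-			    file, linenum, BN_num_bits(pk->n), bits);
+			    file, linenum, BN_num_bits(key->rsa->n), bits);
 
 		/* We have found the desired key. */
 		/*
@@ -236,7 +236,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 			continue;
 
 		/* Perform the challenge-response dialog for this key. */
-		if (!auth_rsa_challenge_dialog(pk)) {
+		if (!auth_rsa_challenge_dialog(key->rsa)) {
 			/* Wrong response. */
 			verbose("Wrong response to RSA authentication challenge.");
 			packet_send_debug("Wrong response to RSA authentication challenge.");
@@ -255,6 +255,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 		 * otherwise continue searching.
 		 */
 		authenticated = 1;
+
+		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+		verbose("Found matching %s key: %s",
+		    key_type(key), fp);
+		xfree(fp);
+
 		break;
 	}
 
@@ -265,7 +271,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 	xfree(file);
 	fclose(f);
 
-	RSA_free(pk);
+	key_free(key);
 
 	if (authenticated)
 		packet_send_debug("RSA authentication accepted.");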
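Review bot: The new success message in the -255 hunk records the key type and fingerprint but not which authorized-keys entry matched, even though `file` and `linenum` are already in scope and used by the keysize warning a few lines earlier; for an audit trail that can be tied back to a specific line, `verbose("Found matching %s key: %s (%s, line %lu)", key_type(key), fp, file, linenum);` would be the more useful record. The return value of `key_fingerprint()` is passed straight to `verbose()` and `xfree()`; presumably it cannot fail for a KEY_RSA1 key produced by `key_new()`, but that contract is not visible here and deserves a one-line comment or a NULL check if it can return NULL for other key types. The body of `auth_rsa()` starts and ends outside the hunks.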