summaryrefslogtreecommitdiff
path: root/auth-rh-rsa.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2016-12-20 00:22:52 +0000
committerColin Watson <cjwatson@debian.org>2016-12-20 00:22:52 +0000
commit971a7653746a6972b907dfe0ce139c06e4a6f482 (patch)
tree70fb964265d57ae4967be55b75dbb2a122e9b969 /auth-rh-rsa.c
parenta8ed8d256b2e2c05b0c15565a7938028c5192277 (diff)
parent4a354fc231174901f2629437c2a6e924a2dd6772 (diff)
Import openssh_7.4p1.orig.tar.gz
Diffstat (limited to 'auth-rh-rsa.c')
-rw-r--r--auth-rh-rsa.c109
1 files changed, 0 insertions, 109 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
deleted file mode 100644
index 057335ba4..000000000
--- a/auth-rh-rsa.c
+++ /dev/null
@@ -1,109 +0,0 @@
1/* $OpenBSD: auth-rh-rsa.c,v 1.45 2016/03/07 19:02:43 djm Exp $ */
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
6 * Rhosts or /etc/hosts.equiv authentication combined with RSA host
7 * authentication.
8 *
9 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 */
15
16#include "includes.h"
17
18#ifdef WITH_SSH1
19
20#include <sys/types.h>
21
22#include <pwd.h>
23#include <stdarg.h>
24
25#include "packet.h"
26#include "uidswap.h"
27#include "log.h"
28#include "buffer.h"
29#include "misc.h"
30#include "servconf.h"
31#include "key.h"
32#include "hostfile.h"
33#include "pathnames.h"
34#include "auth.h"
35#include "canohost.h"
36#ifdef GSSAPI
37#include "ssh-gss.h"
38#endif
39#include "monitor_wrap.h"
40
41/* import */
42extern ServerOptions options;
43
44int
45auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *cuser,
46 const char *chost, Key *client_host_key)
47{
48 HostStatus host_status;
49
50 if (auth_key_is_revoked(client_host_key))
51 return 0;
52
53 /* Check if we would accept it using rhosts authentication. */
54 if (!auth_rhosts(pw, cuser))
55 return 0;
56
57 host_status = check_key_in_hostfiles(pw, client_host_key,
58 chost, _PATH_SSH_SYSTEM_HOSTFILE,
59 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
60
61 return (host_status == HOST_OK);
62}
63
64/*
65 * Tries to authenticate the user using the .rhosts file and the host using
66 * its host key. Returns true if authentication succeeds.
67 */
68int
69auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
70{
71 struct ssh *ssh = active_state; /* XXX */
72 const char *chost;
73 struct passwd *pw = authctxt->pw;
74
75 debug("Trying rhosts with RSA host authentication for client user %.100s",
76 cuser);
77
78 if (!authctxt->valid || client_host_key == NULL ||
79 client_host_key->rsa == NULL)
80 return 0;
81
82 chost = auth_get_canonical_hostname(ssh, options.use_dns);
83 debug("Rhosts RSA authentication: canonical host %.900s", chost);
84
85 if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
86 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
87 packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
88 return 0;
89 }
90 /* A matching host key was found and is known. */
91
92 /* Perform the challenge-response dialog with the client for the host key. */
93 if (!auth_rsa_challenge_dialog(client_host_key)) {
94 logit("Client on %.800s failed to respond correctly to host authentication.",
95 chost);
96 return 0;
97 }
98 /*
99 * We have authenticated the user using .rhosts or /etc/hosts.equiv,
100 * and the host using RSA. We accept the authentication.
101 */
102
103 verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
104 pw->pw_name, cuser, chost);
105 packet_send_debug("Rhosts with RSA host authentication accepted.");
106 return 1;
107}
108
109#endif /* WITH_SSH1 */