diff options
author | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
commit | 8faf8c84430cf3c19705b1d9f8889d256e7fd1fd (patch) | |
tree | e6cb74192adb00fda5e4d1457547851d7e0d86af /auth-rsa.c | |
parent | 328b60656f29db6306994d7498dede386ec2d1c3 (diff) | |
parent | c41345ad7ee5a22689e2c009595e85fa27b4b39a (diff) |
merge 6.3p1
Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/auth-rsa.c b/auth-rsa.c index 2c8a7cb35..545aa496a 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -164,9 +164,8 @@ static int | |||
164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, | 164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, |
165 | const BIGNUM *client_n, Key **rkey) | 165 | const BIGNUM *client_n, Key **rkey) |
166 | { | 166 | { |
167 | char line[SSH_MAX_PUBKEY_BYTES]; | 167 | char *fp, line[SSH_MAX_PUBKEY_BYTES]; |
168 | int allowed = 0; | 168 | int allowed = 0, bits; |
169 | u_int bits; | ||
170 | FILE *f; | 169 | FILE *f; |
171 | u_long linenum = 0; | 170 | u_long linenum = 0; |
172 | Key *key; | 171 | Key *key; |
@@ -227,11 +226,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, | |||
227 | 226 | ||
228 | /* check the real bits */ | 227 | /* check the real bits */ |
229 | keybits = BN_num_bits(key->rsa->n); | 228 | keybits = BN_num_bits(key->rsa->n); |
230 | if (keybits < 0 || bits != (u_int)keybits) | 229 | if (keybits < 0 || bits != keybits) |
231 | logit("Warning: %s, line %lu: keysize mismatch: " | 230 | logit("Warning: %s, line %lu: keysize mismatch: " |
232 | "actual %d vs. announced %d.", | 231 | "actual %d vs. announced %d.", |
233 | file, linenum, BN_num_bits(key->rsa->n), bits); | 232 | file, linenum, BN_num_bits(key->rsa->n), bits); |
234 | 233 | ||
234 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
235 | debug("matching key found: file %s, line %lu %s %s", | ||
236 | file, linenum, key_type(key), fp); | ||
237 | free(fp); | ||
238 | |||
235 | /* Never accept a revoked key */ | 239 | /* Never accept a revoked key */ |
236 | if (auth_key_is_revoked(key)) | 240 | if (auth_key_is_revoked(key)) |
237 | break; | 241 | break; |
@@ -281,7 +285,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
281 | file = expand_authorized_keys( | 285 | file = expand_authorized_keys( |
282 | options.authorized_keys_files[i], pw); | 286 | options.authorized_keys_files[i], pw); |
283 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); | 287 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); |
284 | xfree(file); | 288 | free(file); |
285 | } | 289 | } |
286 | 290 | ||
287 | restore_uid(); | 291 | restore_uid(); |
@@ -298,7 +302,6 @@ int | |||
298 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | 302 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) |
299 | { | 303 | { |
300 | Key *key; | 304 | Key *key; |
301 | char *fp; | ||
302 | struct passwd *pw = authctxt->pw; | 305 | struct passwd *pw = authctxt->pw; |
303 | 306 | ||
304 | /* no user given */ | 307 | /* no user given */ |
@@ -328,11 +331,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | |||
328 | * options; this will be reset if the options cause the | 331 | * options; this will be reset if the options cause the |
329 | * authentication to be rejected. | 332 | * authentication to be rejected. |
330 | */ | 333 | */ |
331 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 334 | pubkey_auth_info(authctxt, key, NULL); |
332 | verbose("Found matching %s key: %s", | ||
333 | key_type(key), fp); | ||
334 | xfree(fp); | ||
335 | key_free(key); | ||
336 | 335 | ||
337 | packet_send_debug("RSA authentication accepted."); | 336 | packet_send_debug("RSA authentication accepted."); |
338 | return (1); | 337 | return (1); |