summaryrefslogtreecommitdiff
path: root/auth-rsa.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-09-14 15:43:03 +0100
committerColin Watson <cjwatson@debian.org>2013-09-14 15:43:03 +0100
commit8faf8c84430cf3c19705b1d9f8889d256e7fd1fd (patch)
treee6cb74192adb00fda5e4d1457547851d7e0d86af /auth-rsa.c
parent328b60656f29db6306994d7498dede386ec2d1c3 (diff)
parentc41345ad7ee5a22689e2c009595e85fa27b4b39a (diff)
merge 6.3p1
Diffstat (limited to 'auth-rsa.c')
-rw-r--r--auth-rsa.c23
1 files changed, 11 insertions, 12 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index 2c8a7cb35..545aa496a 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */ 1/* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -164,9 +164,8 @@ static int
164rsa_key_allowed_in_file(struct passwd *pw, char *file, 164rsa_key_allowed_in_file(struct passwd *pw, char *file,
165 const BIGNUM *client_n, Key **rkey) 165 const BIGNUM *client_n, Key **rkey)
166{ 166{
167 char line[SSH_MAX_PUBKEY_BYTES]; 167 char *fp, line[SSH_MAX_PUBKEY_BYTES];
168 int allowed = 0; 168 int allowed = 0, bits;
169 u_int bits;
170 FILE *f; 169 FILE *f;
171 u_long linenum = 0; 170 u_long linenum = 0;
172 Key *key; 171 Key *key;
@@ -227,11 +226,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
227 226
228 /* check the real bits */ 227 /* check the real bits */
229 keybits = BN_num_bits(key->rsa->n); 228 keybits = BN_num_bits(key->rsa->n);
230 if (keybits < 0 || bits != (u_int)keybits) 229 if (keybits < 0 || bits != keybits)
231 logit("Warning: %s, line %lu: keysize mismatch: " 230 logit("Warning: %s, line %lu: keysize mismatch: "
232 "actual %d vs. announced %d.", 231 "actual %d vs. announced %d.",
233 file, linenum, BN_num_bits(key->rsa->n), bits); 232 file, linenum, BN_num_bits(key->rsa->n), bits);
234 233
234 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
235 debug("matching key found: file %s, line %lu %s %s",
236 file, linenum, key_type(key), fp);
237 free(fp);
238
235 /* Never accept a revoked key */ 239 /* Never accept a revoked key */
236 if (auth_key_is_revoked(key)) 240 if (auth_key_is_revoked(key))
237 break; 241 break;
@@ -281,7 +285,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
281 file = expand_authorized_keys( 285 file = expand_authorized_keys(
282 options.authorized_keys_files[i], pw); 286 options.authorized_keys_files[i], pw);
283 allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); 287 allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
284 xfree(file); 288 free(file);
285 } 289 }
286 290
287 restore_uid(); 291 restore_uid();
@@ -298,7 +302,6 @@ int
298auth_rsa(Authctxt *authctxt, BIGNUM *client_n) 302auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
299{ 303{
300 Key *key; 304 Key *key;
301 char *fp;
302 struct passwd *pw = authctxt->pw; 305 struct passwd *pw = authctxt->pw;
303 306
304 /* no user given */ 307 /* no user given */
@@ -328,11 +331,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
328 * options; this will be reset if the options cause the 331 * options; this will be reset if the options cause the
329 * authentication to be rejected. 332 * authentication to be rejected.
330 */ 333 */
331 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); 334 pubkey_auth_info(authctxt, key, NULL);
332 verbose("Found matching %s key: %s",
333 key_type(key), fp);
334 xfree(fp);
335 key_free(key);
336 335
337 packet_send_debug("RSA authentication accepted."); 336 packet_send_debug("RSA authentication accepted.");
338 return (1); 337 return (1);