- provos@cvs.openbsd.org 2002/03/18 17:50:31

[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
author: Ben Lindstrom <mouring@eviladmin.org> 2002-03-22 02:30:41 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-03-22 02:30:41 +0000
commit: 7a2073c50b92c053594d48a651ebafae052a71ed (patch)
tree: 7cfceb925262a07a356b0667e19f33eec497b602 /auth-rsa.c
parent: 0f345f5ee1e71e1e9f8780ec13b2da23b6a9f7f8 (diff)
1 files changed, 9 insertions, 8 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index ff9bf3b64..9c5d484b1 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.51 2002/03/14 16:56:33 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.52 2002/03/18 17:50:31 provos Exp $");
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -32,6 +32,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.51 2002/03/14 16:56:33 markus Exp $");
 #include "servconf.h"
 #include "auth.h"
 #include "hostfile.h"
+#include "monitor_wrap.h"
 /* import */
 extern ServerOptions options;
@@ -52,7 +53,7 @@ extern u_char session_id[16];
 * description of the options.
 */
-static BIGNUM *
+BIGNUM *
 auth_rsa_generate_challenge(Key *key)
 {
        BIGNUM *challenge;
@@ -70,7 +71,7 @@ auth_rsa_generate_challenge(Key *key)
        return challenge;
 }
-static int
+int
 auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 {
        u_char buf[32], mdbuf[16];
@@ -113,7 +114,7 @@ auth_rsa_challenge_dialog(Key *key)
        if ((encrypted_challenge = BN_new()) == NULL)
                fatal("auth_rsa_challenge_dialog: BN_new() failed");
-        challenge = auth_rsa_generate_challenge(key);
+        challenge = PRIVSEP(auth_rsa_generate_challenge(key));
        /* Encrypt the challenge with the public key. */
        rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
@@ -131,7 +132,7 @@ auth_rsa_challenge_dialog(Key *key)
                response[i] = packet_get_char();
        packet_check_eom();
-        success = auth_rsa_verify_response(key, challenge, response);
+        success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
        BN_clear_free(challenge);
        return (success);
 }
@@ -141,11 +142,11 @@ auth_rsa_challenge_dialog(Key *key)
 * return key if login is allowed, NULL otherwise
 */
-static int
+int
 auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 {
        char line[8192], *file;
-        int allowed;
+        int allowed = 0;
        u_int bits;
        FILE *f;
        u_long linenum = 0;
@@ -284,7 +285,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
        if (pw == NULL)
                return 0;
-        if (auth_rsa_key_allowed(pw, client_n, &key) == 0) {
+        if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
                auth_clear_options();
                return (0);
        }
author	Ben Lindstrom <mouring@eviladmin.org>	2002-03-22 02:30:41 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-03-22 02:30:41 +0000
commit	7a2073c50b92c053594d48a651ebafae052a71ed (patch)
tree	7cfceb925262a07a356b0667e19f33eec497b602 /auth-rsa.c
parent	0f345f5ee1e71e1e9f8780ec13b2da23b6a9f7f8 (diff)