diff options
| author | Damien Miller <djm@mindrot.org> | 2000-11-13 22:57:25 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-11-13 22:57:25 +1100 |
| commit | 0bc1bd814e3c2b5e92d6f595930051960d17f47f (patch) | |
| tree | 176c7dc2844ecc2c1de0f72d221449556ffa5209 /authfd.c | |
| parent | 559d383037b0872fcde4e6c40188b649c574be74 (diff) | |
- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disabled rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
Diffstat (limited to 'authfd.c')
| -rw-r--r-- | authfd.c | 76 |
1 files changed, 48 insertions, 28 deletions
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: authfd.c,v 1.29 2000/10/09 21:51:00 markus Exp $"); | 38 | RCSID("$OpenBSD: authfd.c,v 1.30 2000/11/12 19:50:37 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include "ssh.h" | 40 | #include "ssh.h" |
| 41 | #include "rsa.h" | 41 | #include "rsa.h" |
| @@ -50,7 +50,6 @@ RCSID("$OpenBSD: authfd.c,v 1.29 2000/10/09 21:51:00 markus Exp $"); | |||
| 50 | #include "key.h" | 50 | #include "key.h" |
| 51 | #include "authfd.h" | 51 | #include "authfd.h" |
| 52 | #include "kex.h" | 52 | #include "kex.h" |
| 53 | #include "dsa.h" | ||
| 54 | #include "compat.h" | 53 | #include "compat.h" |
| 55 | 54 | ||
| 56 | /* helper */ | 55 | /* helper */ |
| @@ -211,8 +210,8 @@ ssh_close_authentication_connection(AuthenticationConnection *auth) | |||
| 211 | * Returns the first authentication identity held by the agent. | 210 | * Returns the first authentication identity held by the agent. |
| 212 | */ | 211 | */ |
| 213 | 212 | ||
| 214 | Key * | 213 | int |
| 215 | ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version) | 214 | ssh_get_num_identities(AuthenticationConnection *auth, int version) |
| 216 | { | 215 | { |
| 217 | int type, code1 = 0, code2 = 0; | 216 | int type, code1 = 0, code2 = 0; |
| 218 | Buffer request; | 217 | Buffer request; |
| @@ -227,7 +226,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi | |||
| 227 | code2 = SSH2_AGENT_IDENTITIES_ANSWER; | 226 | code2 = SSH2_AGENT_IDENTITIES_ANSWER; |
| 228 | break; | 227 | break; |
| 229 | default: | 228 | default: |
| 230 | return NULL; | 229 | return 0; |
| 231 | } | 230 | } |
| 232 | 231 | ||
| 233 | /* | 232 | /* |
| @@ -240,14 +239,14 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi | |||
| 240 | buffer_clear(&auth->identities); | 239 | buffer_clear(&auth->identities); |
| 241 | if (ssh_request_reply(auth, &request, &auth->identities) == 0) { | 240 | if (ssh_request_reply(auth, &request, &auth->identities) == 0) { |
| 242 | buffer_free(&request); | 241 | buffer_free(&request); |
| 243 | return NULL; | 242 | return 0; |
| 244 | } | 243 | } |
| 245 | buffer_free(&request); | 244 | buffer_free(&request); |
| 246 | 245 | ||
| 247 | /* Get message type, and verify that we got a proper answer. */ | 246 | /* Get message type, and verify that we got a proper answer. */ |
| 248 | type = buffer_get_char(&auth->identities); | 247 | type = buffer_get_char(&auth->identities); |
| 249 | if (agent_failed(type)) { | 248 | if (agent_failed(type)) { |
| 250 | return NULL; | 249 | return 0; |
| 251 | } else if (type != code2) { | 250 | } else if (type != code2) { |
| 252 | fatal("Bad authentication reply message type: %d", type); | 251 | fatal("Bad authentication reply message type: %d", type); |
| 253 | } | 252 | } |
| @@ -258,8 +257,16 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi | |||
| 258 | fatal("Too many identities in authentication reply: %d\n", | 257 | fatal("Too many identities in authentication reply: %d\n", |
| 259 | auth->howmany); | 258 | auth->howmany); |
| 260 | 259 | ||
| 261 | /* Return the first entry (if any). */ | 260 | return auth->howmany; |
| 262 | return ssh_get_next_identity(auth, comment, version); | 261 | } |
| 262 | |||
| 263 | Key * | ||
| 264 | ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version) | ||
| 265 | { | ||
| 266 | /* get number of identities and return the first entry (if any). */ | ||
| 267 | if (ssh_get_num_identities(auth, version) > 0) | ||
| 268 | return ssh_get_next_identity(auth, comment, version); | ||
| 269 | return NULL; | ||
| 263 | } | 270 | } |
| 264 | 271 | ||
| 265 | Key * | 272 | Key * |
| @@ -280,7 +287,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
| 280 | */ | 287 | */ |
| 281 | switch(version){ | 288 | switch(version){ |
| 282 | case 1: | 289 | case 1: |
| 283 | key = key_new(KEY_RSA); | 290 | key = key_new(KEY_RSA1); |
| 284 | bits = buffer_get_int(&auth->identities); | 291 | bits = buffer_get_int(&auth->identities); |
| 285 | buffer_get_bignum(&auth->identities, key->rsa->e); | 292 | buffer_get_bignum(&auth->identities, key->rsa->e); |
| 286 | buffer_get_bignum(&auth->identities, key->rsa->n); | 293 | buffer_get_bignum(&auth->identities, key->rsa->n); |
| @@ -292,7 +299,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
| 292 | case 2: | 299 | case 2: |
| 293 | blob = buffer_get_string(&auth->identities, &blen); | 300 | blob = buffer_get_string(&auth->identities, &blen); |
| 294 | *comment = buffer_get_string(&auth->identities, NULL); | 301 | *comment = buffer_get_string(&auth->identities, NULL); |
| 295 | key = dsa_key_from_blob(blob, blen); | 302 | key = key_from_blob(blob, blen); |
| 296 | xfree(blob); | 303 | xfree(blob); |
| 297 | break; | 304 | break; |
| 298 | default: | 305 | default: |
| @@ -324,7 +331,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, | |||
| 324 | int i; | 331 | int i; |
| 325 | int type; | 332 | int type; |
| 326 | 333 | ||
| 327 | if (key->type != KEY_RSA) | 334 | if (key->type != KEY_RSA1) |
| 328 | return 0; | 335 | return 0; |
| 329 | if (response_type == 0) { | 336 | if (response_type == 0) { |
| 330 | log("Compatibility with ssh protocol version 1.0 no longer supported."); | 337 | log("Compatibility with ssh protocol version 1.0 no longer supported."); |
| @@ -376,7 +383,7 @@ ssh_agent_sign(AuthenticationConnection *auth, | |||
| 376 | int type, flags = 0; | 383 | int type, flags = 0; |
| 377 | int ret = -1; | 384 | int ret = -1; |
| 378 | 385 | ||
| 379 | if (dsa_make_key_blob(key, &blob, &blen) == 0) | 386 | if (key_to_blob(key, &blob, &blen) == 0) |
| 380 | return -1; | 387 | return -1; |
| 381 | 388 | ||
| 382 | if (datafellows & SSH_BUG_SIGBLOB) | 389 | if (datafellows & SSH_BUG_SIGBLOB) |
| @@ -409,7 +416,7 @@ ssh_agent_sign(AuthenticationConnection *auth, | |||
| 409 | /* Encode key for a message to the agent. */ | 416 | /* Encode key for a message to the agent. */ |
| 410 | 417 | ||
| 411 | void | 418 | void |
| 412 | ssh_encode_identity_rsa(Buffer *b, RSA *key, const char *comment) | 419 | ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
| 413 | { | 420 | { |
| 414 | buffer_clear(b); | 421 | buffer_clear(b); |
| 415 | buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); | 422 | buffer_put_char(b, SSH_AGENTC_ADD_RSA_IDENTITY); |
| @@ -425,17 +432,29 @@ ssh_encode_identity_rsa(Buffer *b, RSA *key, const char *comment) | |||
| 425 | } | 432 | } |
| 426 | 433 | ||
| 427 | void | 434 | void |
| 428 | ssh_encode_identity_dsa(Buffer *b, DSA *key, const char *comment) | 435 | ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
| 429 | { | 436 | { |
| 430 | buffer_clear(b); | 437 | buffer_clear(b); |
| 431 | buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); | 438 | buffer_put_char(b, SSH2_AGENTC_ADD_IDENTITY); |
| 432 | buffer_put_cstring(b, KEX_DSS); | 439 | buffer_put_cstring(b, key_ssh_name(key)); |
| 433 | buffer_put_bignum2(b, key->p); | 440 | switch(key->type){ |
| 434 | buffer_put_bignum2(b, key->q); | 441 | case KEY_RSA: |
| 435 | buffer_put_bignum2(b, key->g); | 442 | buffer_put_bignum2(b, key->rsa->n); |
| 436 | buffer_put_bignum2(b, key->pub_key); | 443 | buffer_put_bignum2(b, key->rsa->e); |
| 437 | buffer_put_bignum2(b, key->priv_key); | 444 | buffer_put_bignum2(b, key->rsa->d); |
| 438 | buffer_put_string(b, comment, strlen(comment)); | 445 | buffer_put_bignum2(b, key->rsa->iqmp); |
| 446 | buffer_put_bignum2(b, key->rsa->p); | ||
| 447 | buffer_put_bignum2(b, key->rsa->q); | ||
| 448 | break; | ||
| 449 | case KEY_DSA: | ||
| 450 | buffer_put_bignum2(b, key->dsa->p); | ||
| 451 | buffer_put_bignum2(b, key->dsa->q); | ||
| 452 | buffer_put_bignum2(b, key->dsa->g); | ||
| 453 | buffer_put_bignum2(b, key->dsa->pub_key); | ||
| 454 | buffer_put_bignum2(b, key->dsa->priv_key); | ||
| 455 | break; | ||
| 456 | } | ||
| 457 | buffer_put_cstring(b, comment); | ||
| 439 | } | 458 | } |
| 440 | 459 | ||
| 441 | /* | 460 | /* |
| @@ -452,11 +471,12 @@ ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment) | |||
| 452 | buffer_init(&msg); | 471 | buffer_init(&msg); |
| 453 | 472 | ||
| 454 | switch (key->type) { | 473 | switch (key->type) { |
| 455 | case KEY_RSA: | 474 | case KEY_RSA1: |
| 456 | ssh_encode_identity_rsa(&msg, key->rsa, comment); | 475 | ssh_encode_identity_rsa1(&msg, key->rsa, comment); |
| 457 | break; | 476 | break; |
| 477 | case KEY_RSA: | ||
| 458 | case KEY_DSA: | 478 | case KEY_DSA: |
| 459 | ssh_encode_identity_dsa(&msg, key->dsa, comment); | 479 | ssh_encode_identity_ssh2(&msg, key, comment); |
| 460 | break; | 480 | break; |
| 461 | default: | 481 | default: |
| 462 | buffer_free(&msg); | 482 | buffer_free(&msg); |
| @@ -487,13 +507,13 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) | |||
| 487 | 507 | ||
| 488 | buffer_init(&msg); | 508 | buffer_init(&msg); |
| 489 | 509 | ||
| 490 | if (key->type == KEY_RSA) { | 510 | if (key->type == KEY_RSA1) { |
| 491 | buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); | 511 | buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); |
| 492 | buffer_put_int(&msg, BN_num_bits(key->rsa->n)); | 512 | buffer_put_int(&msg, BN_num_bits(key->rsa->n)); |
| 493 | buffer_put_bignum(&msg, key->rsa->e); | 513 | buffer_put_bignum(&msg, key->rsa->e); |
| 494 | buffer_put_bignum(&msg, key->rsa->n); | 514 | buffer_put_bignum(&msg, key->rsa->n); |
| 495 | } else if (key->type == KEY_DSA) { | 515 | } else if (key->type == KEY_DSA || key->type == KEY_RSA) { |
| 496 | dsa_make_key_blob(key, &blob, &blen); | 516 | key_to_blob(key, &blob, &blen); |
| 497 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); | 517 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); |
| 498 | buffer_put_string(&msg, blob, blen); | 518 | buffer_put_string(&msg, blob, blen); |
| 499 | xfree(blob); | 519 | xfree(blob); |