-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth-rh-rsa.c | 52 | ||||
-rw-r--r-- | auth.h | 4 |
3 files changed, 39 insertions, 22 deletions
@@ -24,6 +24,9 @@ | |||
24 | - markus@cvs.openbsd.org 2002/03/16 11:24:53 | 24 | - markus@cvs.openbsd.org 2002/03/16 11:24:53 |
25 | [compress.c] | 25 | [compress.c] |
26 | skip inflateEnd if inflate fails; ok provos@ | 26 | skip inflateEnd if inflate fails; ok provos@ |
27 | - markus@cvs.openbsd.org 2002/03/16 17:22:09 | ||
28 | [auth-rh-rsa.c auth.h] | ||
29 | split auth_rhosts_rsa(), ok provos@ | ||
27 | 30 | ||
28 | 20020317 | 31 | 20020317 |
29 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, | 32 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, |
@@ -7870,4 +7873,4 @@ | |||
7870 | - Wrote replacements for strlcpy and mkdtemp | 7873 | - Wrote replacements for strlcpy and mkdtemp |
7871 | - Released 1.0pre1 | 7874 | - Released 1.0pre1 |
7872 | 7875 | ||
7873 | $Id: ChangeLog,v 1.1931 2002/03/22 01:17:52 mouring Exp $ | 7876 | $Id: ChangeLog,v 1.1932 2002/03/22 01:20:32 mouring Exp $ |
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 397b0a55c..2a88e18b3 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.30 2002/03/14 16:56:33 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.31 2002/03/16 17:22:09 markus Exp $"); |
17 | 17 | ||
18 | #include "packet.h" | 18 | #include "packet.h" |
19 | #include "uidswap.h" | 19 | #include "uidswap.h" |
@@ -25,37 +25,51 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.30 2002/03/14 16:56:33 markus Exp $"); | |||
25 | #include "auth.h" | 25 | #include "auth.h" |
26 | #include "canohost.h" | 26 | #include "canohost.h" |
27 | 27 | ||
28 | /* import */ | ||
29 | extern ServerOptions options; | ||
30 | |||
28 | /* | 31 | /* |
29 | * Tries to authenticate the user using the .rhosts file and the host using | 32 | * Tries to authenticate the user using the .rhosts file and the host using |
30 | * its host key. Returns true if authentication succeeds. | 33 | * its host key. Returns true if authentication succeeds. |
31 | */ | 34 | */ |
32 | 35 | ||
33 | int | 36 | int |
34 | auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key) | 37 | auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, |
38 | Key *client_host_key) | ||
35 | { | 39 | { |
36 | extern ServerOptions options; | ||
37 | const char *canonical_hostname; | ||
38 | HostStatus host_status; | 40 | HostStatus host_status; |
39 | 41 | ||
40 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); | ||
41 | |||
42 | if (pw == NULL || client_host_key == NULL || client_host_key->rsa == NULL) | ||
43 | return 0; | ||
44 | |||
45 | /* Check if we would accept it using rhosts authentication. */ | 42 | /* Check if we would accept it using rhosts authentication. */ |
46 | if (!auth_rhosts(pw, client_user)) | 43 | if (!auth_rhosts(pw, cuser)) |
47 | return 0; | 44 | return 0; |
48 | 45 | ||
49 | canonical_hostname = get_canonical_hostname( | ||
50 | options.verify_reverse_mapping); | ||
51 | |||
52 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); | ||
53 | |||
54 | host_status = check_key_in_hostfiles(pw, client_host_key, | 46 | host_status = check_key_in_hostfiles(pw, client_host_key, |
55 | canonical_hostname, _PATH_SSH_SYSTEM_HOSTFILE, | 47 | chost, _PATH_SSH_SYSTEM_HOSTFILE, |
56 | options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); | 48 | options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); |
57 | 49 | ||
58 | if (host_status != HOST_OK) { | 50 | return (host_status == HOST_OK); |
51 | } | ||
52 | |||
53 | /* | ||
54 | * Tries to authenticate the user using the .rhosts file and the host using | ||
55 | * its host key. Returns true if authentication succeeds. | ||
56 | */ | ||
57 | int | ||
58 | auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key) | ||
59 | { | ||
60 | char *chost; | ||
61 | |||
62 | debug("Trying rhosts with RSA host authentication for client user %.100s", | ||
63 | cuser); | ||
64 | |||
65 | if (pw == NULL || client_host_key == NULL || | ||
66 | client_host_key->rsa == NULL) | ||
67 | return 0; | ||
68 | |||
69 | chost = (char *)get_canonical_hostname(options.verify_reverse_mapping); | ||
70 | debug("Rhosts RSA authentication: canonical host %.900s", chost); | ||
71 | |||
72 | if (!auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key)) { | ||
59 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); | 73 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); |
60 | packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); | 74 | packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); |
61 | return 0; | 75 | return 0; |
@@ -65,7 +79,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key | |||
65 | /* Perform the challenge-response dialog with the client for the host key. */ | 79 | /* Perform the challenge-response dialog with the client for the host key. */ |
66 | if (!auth_rsa_challenge_dialog(client_host_key)) { | 80 | if (!auth_rsa_challenge_dialog(client_host_key)) { |
67 | log("Client on %.800s failed to respond correctly to host authentication.", | 81 | log("Client on %.800s failed to respond correctly to host authentication.", |
68 | canonical_hostname); | 82 | chost); |
69 | return 0; | 83 | return 0; |
70 | } | 84 | } |
71 | /* | 85 | /* |
@@ -74,7 +88,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key | |||
74 | */ | 88 | */ |
75 | 89 | ||
76 | verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", | 90 | verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", |
77 | pw->pw_name, client_user, canonical_hostname); | 91 | pw->pw_name, cuser, chost); |
78 | packet_send_debug("Rhosts with RSA host authentication accepted."); | 92 | packet_send_debug("Rhosts with RSA host authentication accepted."); |
79 | return 1; | 93 | return 1; |
80 | } | 94 | } |
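Review bot: The new auth_rhosts_rsa_key_allowed() at new lines 37–51 is neither static nor, judging by the auth.h hunk in this commit, given a prototype, so it is an exported function that other translation units can only call undeclared; either add `int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);` to auth.h or mark it `static` if no other file is meant to call it. The helper also no longer checks pw, client_host_key or client_host_key->rsa — those guards stayed in auth_rhosts_rsa() at new lines 65–67 — so a caller that reaches the helper directly depends on auth_rhosts() and check_key_in_hostfiles() tolerating a NULL pw or key, which I cannot confirm from this hunk. Repeating the guard at the top of the helper, `if (pw == NULL || client_host_key == NULL || client_host_key->rsa == NULL) return 0;`, keeps the key-allowed decision self-contained regardless of who calls it.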
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.30 2002/03/14 16:56:33 markus Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.31 2002/03/16 17:22:09 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -92,7 +92,7 @@ int auth_rhosts(struct passwd *, const char *); | |||
92 | int | 92 | int |
93 | auth_rhosts2(struct passwd *, const char *, const char *, const char *); | 93 | auth_rhosts2(struct passwd *, const char *, const char *, const char *); |
94 | 94 | ||
95 | int auth_rhosts_rsa(struct passwd *, const char *, Key *); | 95 | int auth_rhosts_rsa(struct passwd *, char *, Key *); |
96 | int auth_password(Authctxt *, const char *); | 96 | int auth_password(Authctxt *, const char *); |
97 | int auth_rsa(struct passwd *, BIGNUM *); | 97 | int auth_rsa(struct passwd *, BIGNUM *); |
98 | int auth_rsa_challenge_dialog(Key *); | 98 | int auth_rsa_challenge_dialog(Key *); |
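Review bot: The prototype change at new line 95 drops the const qualifier from the second parameter of auth_rhosts_rsa() even though the .c side only reads cuser, passing it to debug(), verbose() and auth_rhosts(), which this header still declares with `const char *`. The same const loss is what forces the `(char *)` cast on get_canonical_hostname() at auth-rh-rsa.c new line 69, where chost is likewise never written through. Keeping `int auth_rhosts_rsa(struct passwd *, const char *, Key *);` here and declaring cuser and chost as `const char *` in both functions removes the cast and lets callers holding a const string call without casting.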