diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth-rh-rsa.c | 20 | ||||
| -rw-r--r-- | auth.h | 4 | ||||
| -rw-r--r-- | auth1.c | 4 |
4 files changed, 14 insertions, 19 deletions
| @@ -48,6 +48,9 @@ | |||
| 48 | - markus@cvs.openbsd.org 2001/12/27 19:37:23 | 48 | - markus@cvs.openbsd.org 2001/12/27 19:37:23 |
| 49 | [dh.c kexdh.c kexgex.c] | 49 | [dh.c kexdh.c kexgex.c] |
| 50 | always use BN_clear_free instead of BN_free | 50 | always use BN_clear_free instead of BN_free |
| 51 | - markus@cvs.openbsd.org 2001/12/27 19:54:53 | ||
| 52 | [auth1.c auth.h auth-rh-rsa.c] | ||
| 53 | auth_rhosts_rsa now accept generic keys. | ||
| 51 | 54 | ||
| 52 | 20020121 | 55 | 20020121 |
| 53 | - (djm) Rework ssh-rand-helper: | 56 | - (djm) Rework ssh-rand-helper: |
| @@ -7195,4 +7198,4 @@ | |||
| 7195 | - Wrote replacements for strlcpy and mkdtemp | 7198 | - Wrote replacements for strlcpy and mkdtemp |
| 7196 | - Released 1.0pre1 | 7199 | - Released 1.0pre1 |
| 7197 | 7200 | ||
| 7198 | $Id: ChangeLog,v 1.1736 2002/01/22 12:10:33 djm Exp $ | 7201 | $Id: ChangeLog,v 1.1737 2002/01/22 12:11:00 djm Exp $ |
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 8a486b330..e8d22a041 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.27 2001/12/27 19:54:53 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include "packet.h" | 18 | #include "packet.h" |
| 19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
| @@ -32,16 +32,15 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $"); | |||
| 32 | */ | 32 | */ |
| 33 | 33 | ||
| 34 | int | 34 | int |
| 35 | auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key) | 35 | auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key) |
| 36 | { | 36 | { |
| 37 | extern ServerOptions options; | 37 | extern ServerOptions options; |
| 38 | const char *canonical_hostname; | 38 | const char *canonical_hostname; |
| 39 | HostStatus host_status; | 39 | HostStatus host_status; |
| 40 | Key *client_key; | ||
| 41 | 40 | ||
| 42 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); | 41 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); |
| 43 | 42 | ||
| 44 | if (pw == NULL || client_host_key == NULL) | 43 | if (pw == NULL || client_host_key == NULL || client_host_key->rsa == NULL) |
| 45 | return 0; | 44 | return 0; |
| 46 | 45 | ||
| 47 | /* Check if we would accept it using rhosts authentication. */ | 46 | /* Check if we would accept it using rhosts authentication. */ |
| @@ -53,17 +52,10 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 53 | 52 | ||
| 54 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); | 53 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); |
| 55 | 54 | ||
| 56 | /* wrap the RSA key into a 'generic' key */ | 55 | host_status = check_key_in_hostfiles(pw, client_host_key, |
| 57 | client_key = key_new(KEY_RSA1); | 56 | canonical_hostname, _PATH_SSH_SYSTEM_HOSTFILE, |
| 58 | BN_copy(client_key->rsa->e, client_host_key->e); | ||
| 59 | BN_copy(client_key->rsa->n, client_host_key->n); | ||
| 60 | |||
| 61 | host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname, | ||
| 62 | _PATH_SSH_SYSTEM_HOSTFILE, | ||
| 63 | options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); | 57 | options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); |
| 64 | 58 | ||
| 65 | key_free(client_key); | ||
| 66 | |||
| 67 | if (host_status != HOST_OK) { | 59 | if (host_status != HOST_OK) { |
| 68 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); | 60 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); |
| 69 | packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); | 61 | packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); |
| @@ -72,7 +64,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 72 | /* A matching host key was found and is known. */ | 64 | /* A matching host key was found and is known. */ |
| 73 | 65 | ||
| 74 | /* Perform the challenge-response dialog with the client for the host key. */ | 66 | /* Perform the challenge-response dialog with the client for the host key. */ |
| 75 | if (!auth_rsa_challenge_dialog(client_host_key)) { | 67 | if (!auth_rsa_challenge_dialog(client_host_key->rsa)) { |
| 76 | log("Client on %.800s failed to respond correctly to host authentication.", | 68 | log("Client on %.800s failed to respond correctly to host authentication.", |
| 77 | canonical_hostname); | 69 | canonical_hostname); |
| 78 | return 0; | 70 | return 0; |
| @@ -21,7 +21,7 @@ | |||
| 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | * | 23 | * |
| 24 | * $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $ | 24 | * $OpenBSD: auth.h,v 1.26 2001/12/27 19:54:53 markus Exp $ |
| 25 | */ | 25 | */ |
| 26 | #ifndef AUTH_H | 26 | #ifndef AUTH_H |
| 27 | #define AUTH_H | 27 | #define AUTH_H |
| @@ -91,7 +91,7 @@ int auth_rhosts(struct passwd *, const char *); | |||
| 91 | int | 91 | int |
| 92 | auth_rhosts2(struct passwd *, const char *, const char *, const char *); | 92 | auth_rhosts2(struct passwd *, const char *, const char *, const char *); |
| 93 | 93 | ||
| 94 | int auth_rhosts_rsa(struct passwd *, const char *, RSA *); | 94 | int auth_rhosts_rsa(struct passwd *, const char *, Key *); |
| 95 | int auth_password(Authctxt *, const char *); | 95 | int auth_password(Authctxt *, const char *); |
| 96 | int auth_rsa(struct passwd *, BIGNUM *); | 96 | int auth_rsa(struct passwd *, BIGNUM *); |
| 97 | int auth_rsa_challenge_dialog(RSA *); | 97 | int auth_rsa_challenge_dialog(RSA *); |
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: auth1.c,v 1.29 2001/12/27 18:22:16 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $"); |
| 14 | 14 | ||
| 15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
| 16 | #include "rsa.h" | 16 | #include "rsa.h" |
| @@ -214,7 +214,7 @@ do_authloop(Authctxt *authctxt) | |||
| 214 | packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); | 214 | packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); |
| 215 | 215 | ||
| 216 | authenticated = auth_rhosts_rsa(pw, client_user, | 216 | authenticated = auth_rhosts_rsa(pw, client_user, |
| 217 | client_host_key->rsa); | 217 | client_host_key); |
| 218 | key_free(client_host_key); | 218 | key_free(client_host_key); |
| 219 | 219 | ||
| 220 | snprintf(info, sizeof info, " ruser %.100s", client_user); | 220 | snprintf(info, sizeof info, " ruser %.100s", client_user); |