diff options
Diffstat (limited to 'auth-rh-rsa.c')
| -rw-r--r-- | auth-rh-rsa.c | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 8a486b330..e8d22a041 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.27 2001/12/27 19:54:53 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include "packet.h" | 18 | #include "packet.h" |
| 19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
| @@ -32,16 +32,15 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $"); | |||
| 32 | */ | 32 | */ |
| 33 | 33 | ||
| 34 | int | 34 | int |
| 35 | auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key) | 35 | auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key) |
| 36 | { | 36 | { |
| 37 | extern ServerOptions options; | 37 | extern ServerOptions options; |
| 38 | const char *canonical_hostname; | 38 | const char *canonical_hostname; |
| 39 | HostStatus host_status; | 39 | HostStatus host_status; |
| 40 | Key *client_key; | ||
| 41 | 40 | ||
| 42 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); | 41 | debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); |
| 43 | 42 | ||
| 44 | if (pw == NULL || client_host_key == NULL) | 43 | if (pw == NULL || client_host_key == NULL || client_host_key->rsa == NULL) |
| 45 | return 0; | 44 | return 0; |
| 46 | 45 | ||
| 47 | /* Check if we would accept it using rhosts authentication. */ | 46 | /* Check if we would accept it using rhosts authentication. */ |
| @@ -53,17 +52,10 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 53 | 52 | ||
| 54 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); | 53 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); |
| 55 | 54 | ||
| 56 | /* wrap the RSA key into a 'generic' key */ | 55 | host_status = check_key_in_hostfiles(pw, client_host_key, |
| 57 | client_key = key_new(KEY_RSA1); | 56 | canonical_hostname, _PATH_SSH_SYSTEM_HOSTFILE, |
| 58 | BN_copy(client_key->rsa->e, client_host_key->e); | ||
| 59 | BN_copy(client_key->rsa->n, client_host_key->n); | ||
| 60 | |||
| 61 | host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname, | ||
| 62 | _PATH_SSH_SYSTEM_HOSTFILE, | ||
| 63 | options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); | 57 | options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); |
| 64 | 58 | ||
| 65 | key_free(client_key); | ||
| 66 | |||
| 67 | if (host_status != HOST_OK) { | 59 | if (host_status != HOST_OK) { |
| 68 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); | 60 | debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); |
| 69 | packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); | 61 | packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); |
| @@ -72,7 +64,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
| 72 | /* A matching host key was found and is known. */ | 64 | /* A matching host key was found and is known. */ |
| 73 | 65 | ||
| 74 | /* Perform the challenge-response dialog with the client for the host key. */ | 66 | /* Perform the challenge-response dialog with the client for the host key. */ |
| 75 | if (!auth_rsa_challenge_dialog(client_host_key)) { | 67 | if (!auth_rsa_challenge_dialog(client_host_key->rsa)) { |
| 76 | log("Client on %.800s failed to respond correctly to host authentication.", | 68 | log("Client on %.800s failed to respond correctly to host authentication.", |
| 77 | canonical_hostname); | 69 | canonical_hostname); |
| 78 | return 0; | 70 | return 0; |