1 files changed, 33 insertions, 16 deletions
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 1392455cb..19782577b 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,18 @@
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.8 2000/03/26 03:04:52 damien Exp $");
+#ifdef HAVE_OPENSSL
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/bn.h>
+#include <ssl/rsa.h>
+#include <ssl/dsa.h>
+#endif
 #include "packet.h"
 #include "ssh.h"
@@ -23,37 +34,44 @@ RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $");
 #include "uidswap.h"
 #include "servconf.h"
+#include "key.h"
+#include "hostfile.h"
 /*
 * Tries to authenticate the user using the .rhosts file and the host using
 * its host key.  Returns true if authentication succeeds.
 */
 int 
-auth_rhosts_rsa(struct passwd *pw, const char *client_user,
+auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
-                BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
 {
        extern ServerOptions options;
        const char *canonical_hostname;
        HostStatus host_status;
-        BIGNUM *ke, *kn;
+        Key *client_key, *found;
        debug("Trying rhosts with RSA host authentication for %.100s", client_user);
+        if (client_host_key == NULL)
+                return 0;
        /* Check if we would accept it using rhosts authentication. */
        if (!auth_rhosts(pw, client_user))
                return 0;
        canonical_hostname = get_canonical_hostname();
-        debug("Rhosts RSA authentication: canonical host %.900s",
+        debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
-              canonical_hostname);
+        /* wrap the RSA key into a 'generic' key */
+        client_key = key_new(KEY_RSA);
+        BN_copy(client_key->rsa->e, client_host_key->e);
+        BN_copy(client_key->rsa->n, client_host_key->n);
+        found = key_new(KEY_RSA);
        /* Check if we know the host and its host key. */
-        ke = BN_new();
-        kn = BN_new();
        host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
-                                             client_host_key_e, client_host_key_n,
+            client_key, found);
-                                             ke, kn);
        /* Check user host file unless ignored. */
        if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
@@ -73,14 +91,13 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user,
                        /* XXX race between stat and the following open() */
                        temporarily_use_uid(pw->pw_uid);
                        host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
-                                                             client_host_key_e, client_host_key_n,
+                            client_key, found);
-                                                             ke, kn);
                        restore_uid();
                }
                xfree(user_hostfile);
        }
-        BN_free(ke);
+        key_free(client_key);
-        BN_free(kn);
+        key_free(found);
        if (host_status != HOST_OK) {
                debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
@@ -90,7 +107,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user,
        /* A matching host key was found and is known. */
        /* Perform the challenge-response dialog with the client for the host key. */
-        if (!auth_rsa_challenge_dialog(client_host_key_e, client_host_key_n)) {
+        if (!auth_rsa_challenge_dialog(client_host_key)) {
                log("Client on %.800s failed to respond correctly to host authentication.",
                    canonical_hostname);
                return 0;
@@ -101,7 +118,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user,
         */
        verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
-                pw->pw_name, client_user, canonical_hostname);
+           pw->pw_name, client_user, canonical_hostname);
        packet_send_debug("Rhosts with RSA host authentication accepted.");
        return 1;
 }

diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 1392455cb..19782577b 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c
@@ -15,7 +15,18 @@
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $");	18	RCSID("$Id: auth-rh-rsa.c,v 1.8 2000/03/26 03:04:52 damien Exp $");
		19
		20	#ifdef HAVE_OPENSSL
		21	#include <openssl/bn.h>
		22	#include <openssl/rsa.h>
		23	#include <openssl/dsa.h>
		24	#endif
		25	#ifdef HAVE_SSL
		26	#include <ssl/bn.h>
		27	#include <ssl/rsa.h>
		28	#include <ssl/dsa.h>
		29	#endif
19		30
20	#include "packet.h"	31	#include "packet.h"
21	#include "ssh.h"	32	#include "ssh.h"
@@ -23,37 +34,44 @@ RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $");
23	#include "uidswap.h"	34	#include "uidswap.h"
24	#include "servconf.h"	35	#include "servconf.h"
25		36
		37	#include "key.h"
		38	#include "hostfile.h"
		39
26	/*	40	/*
27	* Tries to authenticate the user using the .rhosts file and the host using	41	* Tries to authenticate the user using the .rhosts file and the host using
28	* its host key. Returns true if authentication succeeds.	42	* its host key. Returns true if authentication succeeds.
29	*/	43	*/
30		44
31	int	45	int
32	auth_rhosts_rsa(struct passwd pw, const char client_user,	46	auth_rhosts_rsa(struct passwd pw, const char client_user, RSA *client_host_key)
33	BIGNUM client_host_key_e, BIGNUM client_host_key_n)
34	{	47	{
35	extern ServerOptions options;	48	extern ServerOptions options;
36	const char *canonical_hostname;	49	const char *canonical_hostname;
37	HostStatus host_status;	50	HostStatus host_status;
38	BIGNUM ke, kn;	51	Key client_key, found;
39		52
40	debug("Trying rhosts with RSA host authentication for %.100s", client_user);	53	debug("Trying rhosts with RSA host authentication for %.100s", client_user);
41		54
		55	if (client_host_key == NULL)
		56	return 0;
		57
42	/* Check if we would accept it using rhosts authentication. */	58	/* Check if we would accept it using rhosts authentication. */
43	if (!auth_rhosts(pw, client_user))	59	if (!auth_rhosts(pw, client_user))
44	return 0;	60	return 0;
45		61
46	canonical_hostname = get_canonical_hostname();	62	canonical_hostname = get_canonical_hostname();
47		63
48	debug("Rhosts RSA authentication: canonical host %.900s",	64	debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
49	canonical_hostname);	65
		66	/* wrap the RSA key into a 'generic' key */
		67	client_key = key_new(KEY_RSA);
		68	BN_copy(client_key->rsa->e, client_host_key->e);
		69	BN_copy(client_key->rsa->n, client_host_key->n);
		70	found = key_new(KEY_RSA);
50		71
51	/* Check if we know the host and its host key. */	72	/* Check if we know the host and its host key. */
52	ke = BN_new();
53	kn = BN_new();
54	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,	73	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
55	client_host_key_e, client_host_key_n,	74	client_key, found);
56	ke, kn);
57		75
58	/* Check user host file unless ignored. */	76	/* Check user host file unless ignored. */
59	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {	77	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
@@ -73,14 +91,13 @@ auth_rhosts_rsa(struct passwd pw, const char client_user,
73	/* XXX race between stat and the following open() */	91	/* XXX race between stat and the following open() */
74	temporarily_use_uid(pw->pw_uid);	92	temporarily_use_uid(pw->pw_uid);
75	host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,	93	host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
76	client_host_key_e, client_host_key_n,	94	client_key, found);
77	ke, kn);
78	restore_uid();	95	restore_uid();
79	}	96	}
80	xfree(user_hostfile);	97	xfree(user_hostfile);
81	}	98	}
82	BN_free(ke);	99	key_free(client_key);
83	BN_free(kn);	100	key_free(found);
84		101
85	if (host_status != HOST_OK) {	102	if (host_status != HOST_OK) {
86	debug("Rhosts with RSA host authentication denied: unknown or invalid host key");	103	debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
@@ -90,7 +107,7 @@ auth_rhosts_rsa(struct passwd pw, const char client_user,
90	/* A matching host key was found and is known. */	107	/* A matching host key was found and is known. */
91		108
92	/* Perform the challenge-response dialog with the client for the host key. */	109	/* Perform the challenge-response dialog with the client for the host key. */
93	if (!auth_rsa_challenge_dialog(client_host_key_e, client_host_key_n)) {	110	if (!auth_rsa_challenge_dialog(client_host_key)) {
94	log("Client on %.800s failed to respond correctly to host authentication.",	111	log("Client on %.800s failed to respond correctly to host authentication.",
95	canonical_hostname);	112	canonical_hostname);
96	return 0;	113	return 0;
@@ -101,7 +118,7 @@ auth_rhosts_rsa(struct passwd pw, const char client_user,
101	*/	118	*/
102		119
103	verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",	120	verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
104	pw->pw_name, client_user, canonical_hostname);	121	pw->pw_name, client_user, canonical_hostname);
105	packet_send_debug("Rhosts with RSA host authentication accepted.");	122	packet_send_debug("Rhosts with RSA host authentication accepted.");
106	return 1;	123	return 1;
107	}	124	}