diff options
Diffstat (limited to 'auth-rsa.c')
| -rw-r--r-- | auth-rsa.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/auth-rsa.c b/auth-rsa.c index 2c8a7cb35..545aa496a 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -164,9 +164,8 @@ static int | |||
| 164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, | 164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, |
| 165 | const BIGNUM *client_n, Key **rkey) | 165 | const BIGNUM *client_n, Key **rkey) |
| 166 | { | 166 | { |
| 167 | char line[SSH_MAX_PUBKEY_BYTES]; | 167 | char *fp, line[SSH_MAX_PUBKEY_BYTES]; |
| 168 | int allowed = 0; | 168 | int allowed = 0, bits; |
| 169 | u_int bits; | ||
| 170 | FILE *f; | 169 | FILE *f; |
| 171 | u_long linenum = 0; | 170 | u_long linenum = 0; |
| 172 | Key *key; | 171 | Key *key; |
| @@ -227,11 +226,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, | |||
| 227 | 226 | ||
| 228 | /* check the real bits */ | 227 | /* check the real bits */ |
| 229 | keybits = BN_num_bits(key->rsa->n); | 228 | keybits = BN_num_bits(key->rsa->n); |
| 230 | if (keybits < 0 || bits != (u_int)keybits) | 229 | if (keybits < 0 || bits != keybits) |
| 231 | logit("Warning: %s, line %lu: keysize mismatch: " | 230 | logit("Warning: %s, line %lu: keysize mismatch: " |
| 232 | "actual %d vs. announced %d.", | 231 | "actual %d vs. announced %d.", |
| 233 | file, linenum, BN_num_bits(key->rsa->n), bits); | 232 | file, linenum, BN_num_bits(key->rsa->n), bits); |
| 234 | 233 | ||
| 234 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
| 235 | debug("matching key found: file %s, line %lu %s %s", | ||
| 236 | file, linenum, key_type(key), fp); | ||
| 237 | free(fp); | ||
| 238 | |||
| 235 | /* Never accept a revoked key */ | 239 | /* Never accept a revoked key */ |
| 236 | if (auth_key_is_revoked(key)) | 240 | if (auth_key_is_revoked(key)) |
| 237 | break; | 241 | break; |
| @@ -281,7 +285,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
| 281 | file = expand_authorized_keys( | 285 | file = expand_authorized_keys( |
| 282 | options.authorized_keys_files[i], pw); | 286 | options.authorized_keys_files[i], pw); |
| 283 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); | 287 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); |
| 284 | xfree(file); | 288 | free(file); |
| 285 | } | 289 | } |
| 286 | 290 | ||
| 287 | restore_uid(); | 291 | restore_uid(); |
| @@ -298,7 +302,6 @@ int | |||
| 298 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | 302 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) |
| 299 | { | 303 | { |
| 300 | Key *key; | 304 | Key *key; |
| 301 | char *fp; | ||
| 302 | struct passwd *pw = authctxt->pw; | 305 | struct passwd *pw = authctxt->pw; |
| 303 | 306 | ||
| 304 | /* no user given */ | 307 | /* no user given */ |
| @@ -328,11 +331,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | |||
| 328 | * options; this will be reset if the options cause the | 331 | * options; this will be reset if the options cause the |
| 329 | * authentication to be rejected. | 332 | * authentication to be rejected. |
| 330 | */ | 333 | */ |
| 331 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 334 | pubkey_auth_info(authctxt, key, NULL); |
| 332 | verbose("Found matching %s key: %s", | ||
| 333 | key_type(key), fp); | ||
| 334 | xfree(fp); | ||
| 335 | key_free(key); | ||
| 336 | 335 | ||
| 337 | packet_send_debug("RSA authentication accepted."); | 336 | packet_send_debug("RSA authentication accepted."); |
| 338 | return (1); | 337 | return (1); |