Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 23 |
1 files changed, 11 insertions, 12 deletions
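--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -164,9 +164,8 @@ static int
 rsa_key_allowed_in_file(struct passwd *pw, char *file,
 const BIGNUM *client_n, Key **rkey)
 {
-char line[SSH_MAX_PUBKEY_BYTES];
-int allowed = 0;
-u_int bits;
+char *fp, line[SSH_MAX_PUBKEY_BYTES];
+int allowed = 0, bits;
 FILE *f;
 u_long linenum = 0;
 Key *key;
@@ -229,11 +228,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
 
 /* check the real bits */
 keybits = BN_num_bits(key->rsa->n);
-if (keybits < 0 || bits != (u_int)keybits)
+if (keybits < 0 || bits != keybits)
 logit("Warning: %s, line %lu: keysize mismatch: "
 "actual %d vs. announced %d.",
 file, linenum, BN_num_bits(key->rsa->n), bits);
 
+fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+debug("matching key found: file %s, line %lu %s %s",
+file, linenum, key_type(key), fp);
+free(fp);
+
 /* Never accept a revoked key */
 if (auth_key_is_revoked(key, 0))
 break;
@@ -283,7 +287,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 file = expand_authorized_keys(
 options.authorized_keys_files[i], pw);
 allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
-xfree(file);
+free(file);
 }
 
 restore_uid();
@@ -300,7 +304,6 @@ int
 auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 {
 Key *key;
-char *fp;
 struct passwd *pw = authctxt->pw;
 
 /* no user given */
@@ -330,11 +333,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 * options; this will be reset if the options cause the
 * authentication to be rejected.
 */
-fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-verbose("Found matching %s key: %s",
-key_type(key), fp);
-xfree(fp);
-key_free(key);
+pubkey_auth_info(authctxt, key, NULL);
 
 packet_send_debug("RSA authentication accepted.");
 return (1);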
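Review bot: The last hunk removes `key_free(key);` from the success path of auth_rsa() along with the fingerprint logging, and nothing on the new side releases `key` before `return (1);`. Unless `pubkey_auth_info()` takes ownership of the key (its definition is not on this page), the object is leaked once per accepted authentication; keeping `key_free(key);` directly after `pubkey_auth_info(authctxt, key, NULL);` would preserve the old lifetime. The Key here carries public material only, so this looks like a resource leak rather than an exposure of secrets. Separately, in rsa_key_allowed_in_file() the new `debug("matching key found: ...")` runs before the `auth_key_is_revoked()` check, so a revoked key is also logged as matching; moving the message below that check, or rewording it, would keep debug logs unambiguous. Both functions start and end outside the visible hunks.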