Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 17 |
1 files changed, 9 insertions, 8 deletions
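--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.51 2002/03/14 16:56:33 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.52 2002/03/18 17:50:31 provos Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -32,6 +32,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.51 2002/03/14 16:56:33 markus Exp $");
 #include "servconf.h"
 #include "auth.h"
 #include "hostfile.h"
+#include "monitor_wrap.h"
 
 /* import */
 extern ServerOptions options;
@@ -52,7 +53,7 @@ extern u_char session_id[16];
 * description of the options.
 */
 
-static BIGNUM *
+BIGNUM *
 auth_rsa_generate_challenge(Key *key)
 {
 BIGNUM *challenge;
@@ -70,7 +71,7 @@ auth_rsa_generate_challenge(Key *key)
 return challenge;
 }
 
-static int
+int
 auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 {
 u_char buf[32], mdbuf[16];
@@ -113,7 +114,7 @@ auth_rsa_challenge_dialog(Key *key)
 if ((encrypted_challenge = BN_new()) == NULL)
 fatal("auth_rsa_challenge_dialog: BN_new() failed");
 
-challenge = auth_rsa_generate_challenge(key);
+challenge = PRIVSEP(auth_rsa_generate_challenge(key));
 
 /* Encrypt the challenge with the public key. */
 rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
@@ -131,7 +132,7 @@ auth_rsa_challenge_dialog(Key *key)
 response[i] = packet_get_char();
 packet_check_eom();
 
-success = auth_rsa_verify_response(key, challenge, response);
+success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
 BN_clear_free(challenge);
 return (success);
 }
@@ -141,11 +142,11 @@ auth_rsa_challenge_dialog(Key *key)
 * return key if login is allowed, NULL otherwise
 */
 
-static int
+int
 auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 {
 char line[8192], *file;
-int allowed;
+int allowed = 0;
 u_int bits;
 FILE *f;
 u_long linenum = 0;
@@ -284,7 +285,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
 if (pw == NULL)
 return 0;
 
-if (auth_rsa_key_allowed(pw, client_n, &key) == 0) {
+if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
 auth_clear_options();
 return (0);
 }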
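Review bot: In auth_rsa_challenge_dialog, the new `PRIVSEP(auth_rsa_verify_response(key, challenge, response))` call still passes the `key` and `challenge` held by the calling process. With privilege separation active, the result is only trustworthy if the monitor-side handler checks the response against the challenge and key it recorded itself when it served `auth_rsa_generate_challenge` and `auth_rsa_key_allowed`, not the copies arriving from the unprivileged side. That handler lives in the monitor code outside this diff, so it cannot be confirmed here. I would state the assumption above the call: `/* privsep: the monitor must verify against its own stored challenge and key, not the values passed here */`. Separately, the comment above auth_rsa_key_allowed (`return key if login is allowed, NULL otherwise`) is stale: the function returns an int and hands the key back through `rkey`. All of these function bodies continue outside the hunks shown.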