Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 40 |
1 files changed, 19 insertions, 21 deletions
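--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -9,7 +9,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.4 2000/07/16 08:27:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.5 2000/08/19 21:34:44 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -44,27 +44,27 @@ extern char *__progname;
 int
 try_agent_authentication()
 {
-int status, type;
+int type;
 char *comment;
 AuthenticationConnection *auth;
 unsigned char response[16];
 unsigned int i;
-BIGNUM *e, *n, *challenge;
+int plen, clen;
+Key *key;
+BIGNUM *challenge;
 
 /* Get connection to the agent. */
 auth = ssh_get_authentication_connection();
 if (!auth)
 return 0;
 
-e = BN_new();
-n = BN_new();
 challenge = BN_new();
+key = key_new(KEY_RSA);
 
 /* Loop through identities served by the agent. */
-for (status = ssh_get_first_identity(auth, e, n, &comment);
-status;
-status = ssh_get_next_identity(auth, e, n, &comment)) {
-int plen, clen;
+for (key = ssh_get_first_identity(auth, &comment, 1);
+key != NULL;
+key = ssh_get_next_identity(auth, &comment, 1)) {
 
 /* Try this identity. */
 debug("Trying RSA authentication via agent with '%.100s'", comment);
@@ -72,7 +72,7 @@ try_agent_authentication()
 
 /* Tell the server that we are willing to authenticate using this key. */
 packet_start(SSH_CMSG_AUTH_RSA);
-packet_put_bignum(n);
+packet_put_bignum(key->rsa->n);
 packet_send();
 packet_write_wait();
 
@@ -83,6 +83,7 @@ try_agent_authentication()
 does not support RSA authentication. */
 if (type == SSH_SMSG_FAILURE) {
 debug("Server refused our key.");
+key_free(key);
 continue;
 }
 /* Otherwise it should have sent a challenge. */
@@ -97,13 +98,16 @@ try_agent_authentication()
 debug("Received RSA challenge from server.");
 
 /* Ask the agent to decrypt the challenge. */
-if (!ssh_decrypt_challenge(auth, e, n, challenge,
-session_id, 1, response)) {
-/* The agent failed to authenticate this identifier although it
-advertised it supports this. Just return a wrong value. */
+if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) {
+/*
+* The agent failed to authenticate this identifier
+* although it advertised it supports this. Just
+* return a wrong value.
+*/
 log("Authentication agent failed to decrypt challenge.");
 memset(response, 0, sizeof(response));
 }
+key_free(key);
 debug("Sending response to RSA challenge.");
 
 /* Send the decrypted challenge back to the server. */
@@ -118,10 +122,8 @@ try_agent_authentication()
 
 /* The server returns success if it accepted the authentication. */
 if (type == SSH_SMSG_SUCCESS) {
-debug("RSA authentication accepted by server.");
-BN_clear_free(e);
-BN_clear_free(n);
 BN_clear_free(challenge);
+debug("RSA authentication accepted by server.");
 return 1;
 }
 /* Otherwise it should return failure. */
@@ -129,11 +131,7 @@ try_agent_authentication()
 packet_disconnect("Protocol error waiting RSA auth response: %d",
 type);
 }
-
-BN_clear_free(e);
-BN_clear_free(n);
 BN_clear_free(challenge);
-
 debug("RSA authentication using agent refused.");
 return 0;
 }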
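Review bot: The `key = key_new(KEY_RSA);` added at new line 62 is a leak: the for-init at new line 65 immediately overwrites `key` with the result of ssh_get_first_identity(), so that fresh Key is never used and never freed. The loop already owns `key` from the agent and releases it via key_free() on both the refused path (new line 86) and after the challenge (new line 110), so the fix is simply to delete new line 62. Separately, `comment` is re-filled by ssh_get_first_identity()/ssh_get_next_identity() on every iteration and never released here; if it is heap-allocated by those helpers (not visible in this hunk — please verify), it should be xfree()d alongside each key_free(key).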