diff options
Diffstat (limited to 'sshconnect1.c')
| -rw-r--r-- | sshconnect1.c | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/sshconnect1.c b/sshconnect1.c index aaebf17ff..7b60d6276 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
| @@ -9,7 +9,7 @@ | |||
| 9 | */ | 9 | */ |
| 10 | 10 | ||
| 11 | #include "includes.h" | 11 | #include "includes.h" |
| 12 | RCSID("$OpenBSD: sshconnect1.c,v 1.4 2000/07/16 08:27:22 markus Exp $"); | 12 | RCSID("$OpenBSD: sshconnect1.c,v 1.5 2000/08/19 21:34:44 markus Exp $"); |
| 13 | 13 | ||
| 14 | #include <openssl/bn.h> | 14 | #include <openssl/bn.h> |
| 15 | #include <openssl/dsa.h> | 15 | #include <openssl/dsa.h> |
| @@ -44,27 +44,27 @@ extern char *__progname; | |||
| 44 | int | 44 | int |
| 45 | try_agent_authentication() | 45 | try_agent_authentication() |
| 46 | { | 46 | { |
| 47 | int status, type; | 47 | int type; |
| 48 | char *comment; | 48 | char *comment; |
| 49 | AuthenticationConnection *auth; | 49 | AuthenticationConnection *auth; |
| 50 | unsigned char response[16]; | 50 | unsigned char response[16]; |
| 51 | unsigned int i; | 51 | unsigned int i; |
| 52 | BIGNUM *e, *n, *challenge; | 52 | int plen, clen; |
| 53 | Key *key; | ||
| 54 | BIGNUM *challenge; | ||
| 53 | 55 | ||
| 54 | /* Get connection to the agent. */ | 56 | /* Get connection to the agent. */ |
| 55 | auth = ssh_get_authentication_connection(); | 57 | auth = ssh_get_authentication_connection(); |
| 56 | if (!auth) | 58 | if (!auth) |
| 57 | return 0; | 59 | return 0; |
| 58 | 60 | ||
| 59 | e = BN_new(); | ||
| 60 | n = BN_new(); | ||
| 61 | challenge = BN_new(); | 61 | challenge = BN_new(); |
| 62 | key = key_new(KEY_RSA); | ||
| 62 | 63 | ||
| 63 | /* Loop through identities served by the agent. */ | 64 | /* Loop through identities served by the agent. */ |
| 64 | for (status = ssh_get_first_identity(auth, e, n, &comment); | 65 | for (key = ssh_get_first_identity(auth, &comment, 1); |
| 65 | status; | 66 | key != NULL; |
| 66 | status = ssh_get_next_identity(auth, e, n, &comment)) { | 67 | key = ssh_get_next_identity(auth, &comment, 1)) { |
| 67 | int plen, clen; | ||
| 68 | 68 | ||
| 69 | /* Try this identity. */ | 69 | /* Try this identity. */ |
| 70 | debug("Trying RSA authentication via agent with '%.100s'", comment); | 70 | debug("Trying RSA authentication via agent with '%.100s'", comment); |
| @@ -72,7 +72,7 @@ try_agent_authentication() | |||
| 72 | 72 | ||
| 73 | /* Tell the server that we are willing to authenticate using this key. */ | 73 | /* Tell the server that we are willing to authenticate using this key. */ |
| 74 | packet_start(SSH_CMSG_AUTH_RSA); | 74 | packet_start(SSH_CMSG_AUTH_RSA); |
| 75 | packet_put_bignum(n); | 75 | packet_put_bignum(key->rsa->n); |
| 76 | packet_send(); | 76 | packet_send(); |
| 77 | packet_write_wait(); | 77 | packet_write_wait(); |
| 78 | 78 | ||
| @@ -83,6 +83,7 @@ try_agent_authentication() | |||
| 83 | does not support RSA authentication. */ | 83 | does not support RSA authentication. */ |
| 84 | if (type == SSH_SMSG_FAILURE) { | 84 | if (type == SSH_SMSG_FAILURE) { |
| 85 | debug("Server refused our key."); | 85 | debug("Server refused our key."); |
| 86 | key_free(key); | ||
| 86 | continue; | 87 | continue; |
| 87 | } | 88 | } |
| 88 | /* Otherwise it should have sent a challenge. */ | 89 | /* Otherwise it should have sent a challenge. */ |
| @@ -97,13 +98,16 @@ try_agent_authentication() | |||
| 97 | debug("Received RSA challenge from server."); | 98 | debug("Received RSA challenge from server."); |
| 98 | 99 | ||
| 99 | /* Ask the agent to decrypt the challenge. */ | 100 | /* Ask the agent to decrypt the challenge. */ |
| 100 | if (!ssh_decrypt_challenge(auth, e, n, challenge, | 101 | if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { |
| 101 | session_id, 1, response)) { | 102 | /* |
| 102 | /* The agent failed to authenticate this identifier although it | 103 | * The agent failed to authenticate this identifier |
| 103 | advertised it supports this. Just return a wrong value. */ | 104 | * although it advertised it supports this. Just |
| 105 | * return a wrong value. | ||
| 106 | */ | ||
| 104 | log("Authentication agent failed to decrypt challenge."); | 107 | log("Authentication agent failed to decrypt challenge."); |
| 105 | memset(response, 0, sizeof(response)); | 108 | memset(response, 0, sizeof(response)); |
| 106 | } | 109 | } |
| 110 | key_free(key); | ||
| 107 | debug("Sending response to RSA challenge."); | 111 | debug("Sending response to RSA challenge."); |
| 108 | 112 | ||
| 109 | /* Send the decrypted challenge back to the server. */ | 113 | /* Send the decrypted challenge back to the server. */ |
| @@ -118,10 +122,8 @@ try_agent_authentication() | |||
| 118 | 122 | ||
| 119 | /* The server returns success if it accepted the authentication. */ | 123 | /* The server returns success if it accepted the authentication. */ |
| 120 | if (type == SSH_SMSG_SUCCESS) { | 124 | if (type == SSH_SMSG_SUCCESS) { |
| 121 | debug("RSA authentication accepted by server."); | ||
| 122 | BN_clear_free(e); | ||
| 123 | BN_clear_free(n); | ||
| 124 | BN_clear_free(challenge); | 125 | BN_clear_free(challenge); |
| 126 | debug("RSA authentication accepted by server."); | ||
| 125 | return 1; | 127 | return 1; |
| 126 | } | 128 | } |
| 127 | /* Otherwise it should return failure. */ | 129 | /* Otherwise it should return failure. */ |
| @@ -129,11 +131,7 @@ try_agent_authentication() | |||
| 129 | packet_disconnect("Protocol error waiting RSA auth response: %d", | 131 | packet_disconnect("Protocol error waiting RSA auth response: %d", |
| 130 | type); | 132 | type); |
| 131 | } | 133 | } |
| 132 | |||
| 133 | BN_clear_free(e); | ||
| 134 | BN_clear_free(n); | ||
| 135 | BN_clear_free(challenge); | 134 | BN_clear_free(challenge); |
| 136 | |||
| 137 | debug("RSA authentication using agent refused."); | 135 | debug("RSA authentication using agent refused."); |
| 138 | return 0; | 136 | return 0; |
| 139 | } | 137 | } |