Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 77 |
1 files changed, 43 insertions, 34 deletions
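--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.28 2000/11/12 19:50:38 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -45,7 +45,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $");
 #include "kex.h"
 #include "myproposal.h"
 #include "key.h"
-#include "dsa.h"
 #include "sshconnect.h"
 #include "authfile.h"
 #include "cli.h"
@@ -196,7 +195,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 
 /* key, cert */
 server_host_key_blob = packet_get_string(&sbloblen);
-server_host_key = dsa_key_from_blob(server_host_key_blob, sbloblen);
+server_host_key = key_from_blob(server_host_key_blob, sbloblen);
 if (server_host_key == NULL)
 fatal("cannot decode server_host_key_blob");
 
@@ -258,8 +257,8 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 fprintf(stderr, "%02x", (hash[i])&0xff);
 fprintf(stderr, "\n");
 #endif
-if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1)
-fatal("dsa_verify failed for server_host_key");
+if (key_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1)
+fatal("key_verify failed for server_host_key");
 key_free(server_host_key);
 
 kex_derive_keys(kex, hash, shared_secret);
@@ -366,7 +365,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 
 /* key, cert */
 server_host_key_blob = packet_get_string(&sbloblen);
-server_host_key = dsa_key_from_blob(server_host_key_blob, sbloblen);
+server_host_key = key_from_blob(server_host_key_blob, sbloblen);
 if (server_host_key == NULL)
 fatal("cannot decode server_host_key_blob");
 
@@ -429,8 +428,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
 fprintf(stderr, "%02x", (hash[i])&0xff);
 fprintf(stderr, "\n");
 #endif
-if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1)
-fatal("dsa_verify failed for server_host_key");
+if (key_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1)
+fatal("key_verify failed for server_host_key");
 key_free(server_host_key);
 
 kex_derive_keys(kex, hash, shared_secret);
@@ -485,7 +484,7 @@ Authmethod *authmethod_lookup(const char *name);
 Authmethod authmethods[] = {
 {"publickey",
 userauth_pubkey,
-&options.dsa_authentication,
+&options.pubkey_authentication,
 NULL},
 {"password",
 userauth_passwd,
@@ -653,8 +652,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 int ret = -1;
 int have_sig = 1;
 
-dsa_make_key_blob(k, &blob, &bloblen);
-
+if (key_to_blob(k, &blob, &bloblen) == 0) {
+/* we cannot handle this key */
+return 0;
+}
 /* data to be signed */
 buffer_init(&b);
 if (datafellows & SSH_OLD_SESSIONID) {
@@ -672,7 +673,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 authctxt->service);
 buffer_put_cstring(&b, authctxt->method->name);
 buffer_put_char(&b, have_sig);
-buffer_put_cstring(&b, KEX_DSS);
+buffer_put_cstring(&b, key_ssh_name(k));
 buffer_put_string(&b, blob, bloblen);
 
 /* generate signature */
@@ -682,7 +683,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 buffer_free(&b);
 return 0;
 }
-#ifdef DEBUG_DSS
+#ifdef DEBUG_PK
 buffer_dump(&b);
 #endif
 if (datafellows & SSH_BUG_PUBKEYAUTH) {
@@ -693,7 +694,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 buffer_put_cstring(&b, authctxt->service);
 buffer_put_cstring(&b, authctxt->method->name);
 buffer_put_char(&b, have_sig);
-buffer_put_cstring(&b, KEX_DSS);
+buffer_put_cstring(&b, key_ssh_name(k));
 buffer_put_string(&b, blob, bloblen);
 }
 xfree(blob);
@@ -719,10 +720,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 }
 
 /* sign callback */
-int dsa_sign_cb(Authctxt *authctxt, Key *key, unsigned char **sigp, int *lenp,
+int key_sign_cb(Authctxt *authctxt, Key *key, unsigned char **sigp, int *lenp,
 unsigned char *data, int datalen)
 {
-return dsa_sign(key, sigp, lenp, data, datalen);
+return key_sign(key, sigp, lenp, data, datalen);
 }
 
 int
@@ -738,14 +739,13 @@ userauth_pubkey_identity(Authctxt *authctxt, char *filename)
 }
 debug("try pubkey: %s", filename);
 
-k = key_new(KEY_DSA);
+k = key_new(KEY_UNSPEC);
 if (!load_private_key(filename, "", k, NULL)) {
 int success = 0;
 char *passphrase;
 char prompt[300];
 snprintf(prompt, sizeof prompt,
-"Enter passphrase for %s key '%.100s': ",
-key_type(k), filename);
+"Enter passphrase for key '%.100s': ", filename);
 for (i = 0; i < options.number_of_password_prompts; i++) {
 passphrase = read_passphrase(prompt, 0);
 if (strcmp(passphrase, "") != 0) {
@@ -766,7 +766,7 @@ userauth_pubkey_identity(Authctxt *authctxt, char *filename)
 return 0;
 }
 }
-ret = sign_and_send_pubkey(authctxt, k, dsa_sign_cb);
+ret = sign_and_send_pubkey(authctxt, k, key_sign_cb);
 key_free(k);
 return ret;
 }
@@ -782,24 +782,26 @@ int
 userauth_pubkey_agent(Authctxt *authctxt)
 {
 static int called = 0;
+int ret = 0;
 char *comment;
 Key *k;
-int ret;
 
 if (called == 0) {
-k = ssh_get_first_identity(authctxt->agent, &comment, 2);
+if (ssh_get_num_identities(authctxt->agent, 2) == 0)
+debug2("userauth_pubkey_agent: no keys at all");
 called = 1;
-} else {
-k = ssh_get_next_identity(authctxt->agent, &comment, 2);
 }
+k = ssh_get_next_identity(authctxt->agent, &comment, 2);
 if (k == NULL) {
-debug2("no more DSA keys from agent");
-return 0;
+debug2("userauth_pubkey_agent: no more keys");
+} else {
+debug("userauth_pubkey_agent: trying agent key %s", comment);
+xfree(comment);
+ret = sign_and_send_pubkey(authctxt, k, agent_sign_cb);
+key_free(k);
 }
-debug("trying DSA agent key %s", comment);
-xfree(comment);
-ret = sign_and_send_pubkey(authctxt, k, agent_sign_cb);
-key_free(k);
+if (ret == 0)
+debug2("userauth_pubkey_agent: no message sent");
 return ret;
 }
 
@@ -809,10 +811,17 @@ userauth_pubkey(Authctxt *authctxt)
 static int idx = 0;
 int sent = 0;
 
-if (authctxt->agent != NULL)
-sent = userauth_pubkey_agent(authctxt);
-while (sent == 0 && idx < options.num_identity_files2)
-sent = userauth_pubkey_identity(authctxt, options.identity_files2[idx++]);
+if (authctxt->agent != NULL) {
+do {
+sent = userauth_pubkey_agent(authctxt);
+} while(!sent && authctxt->agent->howmany > 0);
+}
+while (!sent && idx < options.num_identity_files) {
+if (options.identity_files_type[idx] != KEY_RSA1)
+sent = userauth_pubkey_identity(authctxt,
+options.identity_files[idx]);
+idx++;
+}
 return sent;
 }
 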
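Review bot: key_from_blob at new line 198 in ssh_dh1_client (and again at new line 368 in ssh_dhgex_client) decodes whichever key type the server puts in the blob, whereas dsa_key_from_blob could only yield a DSA key; nothing in either hunk compares the decoded key's type with the host key algorithm negotiated during key exchange, so the signature check at new line 260 (and 431) verifies against a key type the client never agreed to. The later known_hosts comparison outside these hunks may well reject a mismatched key if it is type-aware, but that is a presumption, and the cheap local guard is a type compare right after the NULL test, e.g. `if (server_host_key->type != <negotiated-hostkey-type-recorded-in-kex>) fatal("type mismatch for decoded server_host_key_blob");`, once the negotiated type is kept in the Kex state. Both ssh_dh1_client and ssh_dhgex_client start and end outside their hunks.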