From d221ca6cc96082a27ae9b4a7a0600d8ac8b1b2d7 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Tue, 22 Jan 2002 23:11:00 +1100
Subject: - markus@cvs.openbsd.org 2001/12/27 19:54:53 [auth1.c auth.h auth-rh-rsa.c] auth_rhosts_rsa now accept generic keys.
---
 ChangeLog | 5 ++++-
 auth-rh-rsa.c | 20 ++++++--------------
 auth.h | 4 ++--
 auth1.c | 4 ++--
 4 files changed, 14 insertions(+), 19 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 635f4c23b..0c3b37f11 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,9 @@
 - markus@cvs.openbsd.org 2001/12/27 19:37:23
 [dh.c kexdh.c kexgex.c]
 always use BN_clear_free instead of BN_free
+ - markus@cvs.openbsd.org 2001/12/27 19:54:53
+ [auth1.c auth.h auth-rh-rsa.c]
+ auth_rhosts_rsa now accept generic keys.
 20020121
 - (djm) Rework ssh-rand-helper:
@@ -7195,4 +7198,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1736 2002/01/22 12:10:33 djm Exp $
+$Id: ChangeLog,v 1.1737 2002/01/22 12:11:00 djm Exp $
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 8a486b330..e8d22a041 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.27 2001/12/27 19:54:53 markus Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -32,16 +32,15 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $");
 */
 int
-auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
+auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key)
 {
 extern ServerOptions options;
 const char *canonical_hostname;
 HostStatus host_status;
- Key *client_key;
 debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
- if (pw == NULL || client_host_key == NULL)
+ if (pw == NULL || client_host_key == NULL || client_host_key->rsa == NULL)
 return 0;
 /* Check if we would accept it using rhosts authentication. */
@@ -53,17 +52,10 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
 debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
- /* wrap the RSA key into a 'generic' key */
- client_key = key_new(KEY_RSA1);
- BN_copy(client_key->rsa->e, client_host_key->e);
- BN_copy(client_key->rsa->n, client_host_key->n);
-
- host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
- _PATH_SSH_SYSTEM_HOSTFILE,
+ host_status = check_key_in_hostfiles(pw, client_host_key,
+ canonical_hostname, _PATH_SSH_SYSTEM_HOSTFILE,
 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
- key_free(client_key);
-
 if (host_status != HOST_OK) {
 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
 packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
@@ -72,7 +64,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
 /* A matching host key was found and is known. */
 /* Perform the challenge-response dialog with the client for the host key. */
- if (!auth_rsa_challenge_dialog(client_host_key)) {
+ if (!auth_rsa_challenge_dialog(client_host_key->rsa)) {
 log("Client on %.800s failed to respond correctly to host authentication.", canonical_hostname);
 return 0;
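Review bot: The widened guard at the top of auth_rhosts_rsa() tests `client_host_key->rsa == NULL` but never checks the key's type, so any Key with a populated rsa member is now looked up in the host files and passed to the RSA challenge. The old code took an `RSA *` and wrapped it with `key_new(KEY_RSA1)` itself, which pinned the type inside this function; that guarantee now rests on every caller. The host-file lookup may reject a mismatched type on its own, but that is not visible here, so I would add `client_host_key->type != KEY_RSA1 ||` to the condition (assuming Key keeps its type in a `type` member, as `key_new(KEY_RSA1)` suggests). The function's header comment, which sits above this hunk, should also say that the key must be an RSA1 key and is borrowed, not freed; the body continues past the end of the hunk.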
diff --git a/auth.h b/auth.h
index 017871952..ef2772d89 100644
--- a/auth.h
+++ b/auth.h
@@ -21,7 +21,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $
+ * $OpenBSD: auth.h,v 1.26 2001/12/27 19:54:53 markus Exp $
 */
 #ifndef AUTH_H
 #define AUTH_H
@@ -91,7 +91,7 @@ int auth_rhosts(struct passwd *, const char *); int auth_rhosts2(struct passwd *, const char *, const char *, const char *);
-int auth_rhosts_rsa(struct passwd *, const char *, RSA *);
+int auth_rhosts_rsa(struct passwd *, const char *, Key *);
 int auth_password(Authctxt *, const char *);
 int auth_rsa(struct passwd *, BIGNUM *);
 int auth_rsa_challenge_dialog(RSA *);
diff --git a/auth1.c b/auth1.c
index 921a1757a..766053c97 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.29 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -214,7 +214,7 @@ do_authloop(Authctxt *authctxt)
 packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
 authenticated = auth_rhosts_rsa(pw, client_user,
- client_host_key->rsa);
+ client_host_key);
 key_free(client_host_key);
 snprintf(info, sizeof info, " ruser %.100s", client_user);
--
cgit v1.2.3
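Review bot: Nothing at the auth_rhosts_rsa() call in do_authloop() records that the callee only borrows client_host_key, yet the `key_free(client_host_key);` on the following line depends on exactly that. Now that the whole Key is passed rather than its `rsa` member, a later change that lets the callee keep or free the pointer would turn this pair of lines into a use-after-free or a double free. A one-line comment above the call, such as `/* auth_rhosts_rsa() borrows the key; it is still owned and freed here */`, would pin the contract. do_authloop() starts and ends outside this hunk, so how the key is built and validated before the call is not visible.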