tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- jakob@cvs.openbsd.org 2001/12/18 10:06:24 

[auth-rsa.c]
     log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
This commit is contained in:
Damien Miller 2001-12-21 12:52:39 +11:00
parent da9edcabf8
commit 89681214ca
2 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -24,6 +24,10 @@
- jakob@cvs.openbsd.org 2001/12/18 10:05:15 - jakob@cvs.openbsd.org 2001/12/18 10:05:15
[auth2.c] [auth2.c]
log fingerprint on successful public key authentication; ok markus@ log fingerprint on successful public key authentication; ok markus@
- jakob@cvs.openbsd.org 2001/12/18 10:06:24
[auth-rsa.c]
log fingerprint on successful public key authentication, simplify
usage of key structs; ok markus@
20011219 20011219
- (stevesk) OpenBSD CVS sync X11 localhost display - (stevesk) OpenBSD CVS sync X11 localhost display
@ -7052,4 +7056,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1699 2001/12/21 01:48:54 djm Exp $ $Id: ChangeLog,v 1.1700 2001/12/21 01:52:39 djm Exp $

28
auth-rsa.c
View File

@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth-rsa.c,v 1.45 2001/11/29 22:08:48 markus Exp $"); RCSID("$OpenBSD: auth-rsa.c,v 1.46 2001/12/18 10:06:24 jakob Exp $");
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -31,6 +31,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.45 2001/11/29 22:08:48 markus Exp $");
#include "log.h" #include "log.h"
#include "servconf.h" #include "servconf.h"
#include "auth.h" #include "auth.h"
#include "hostfile.h"
/* import */ /* import */
extern ServerOptions options; extern ServerOptions options;
@ -128,7 +129,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
FILE *f; FILE *f;
u_long linenum = 0; u_long linenum = 0;
struct stat st; struct stat st;
RSA *pk; Key *key;
char *fp;
/* no user given */ /* no user given */
if (pw == NULL) if (pw == NULL)
@ -170,9 +172,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
/* Flag indicating whether authentication has succeeded. */ /* Flag indicating whether authentication has succeeded. */
authenticated = 0; authenticated = 0;
pk = RSA_new(); key = key_new(KEY_RSA1);
pk->e = BN_new();
pk->n = BN_new();
/* /*
* Go though the accepted keys, looking for the current key. If * Go though the accepted keys, looking for the current key. If
@ -210,7 +210,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
options = NULL; options = NULL;
/* Parse the key from the line. */ /* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { if (hostfile_read_key(&cp, &bits, key) == 0) {
debug("%.100s, line %lu: non ssh1 key syntax", debug("%.100s, line %lu: non ssh1 key syntax",
file, linenum); file, linenum);
continue; continue;
@ -218,14 +218,14 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
/* cp now points to the comment part. */ /* cp now points to the comment part. */
/* Check if the we have found the desired key (identified by its modulus). */ /* Check if the we have found the desired key (identified by its modulus). */
if (BN_cmp(pk->n, client_n) != 0) if (BN_cmp(key->rsa->n, client_n) != 0)
continue; continue;
/* check the real bits */ /* check the real bits */
if (bits != BN_num_bits(pk->n)) if (bits != BN_num_bits(key->rsa->n))
log("Warning: %s, line %lu: keysize mismatch: " log("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.", "actual %d vs. announced %d.",
file, linenum, BN_num_bits(pk->n), bits); file, linenum, BN_num_bits(key->rsa->n), bits);
/* We have found the desired key. */ /* We have found the desired key. */
/* /*
@ -236,7 +236,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
continue; continue;
/* Perform the challenge-response dialog for this key. */ /* Perform the challenge-response dialog for this key. */
if (!auth_rsa_challenge_dialog(pk)) { if (!auth_rsa_challenge_dialog(key->rsa)) {
/* Wrong response. */ /* Wrong response. */
verbose("Wrong response to RSA authentication challenge."); verbose("Wrong response to RSA authentication challenge.");
packet_send_debug("Wrong response to RSA authentication challenge."); packet_send_debug("Wrong response to RSA authentication challenge.");
@ -255,6 +255,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
* otherwise continue searching. * otherwise continue searching.
*/ */
authenticated = 1; authenticated = 1;
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(key), fp);
xfree(fp);
break; break;
} }
@ -265,7 +271,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
xfree(file); xfree(file);
fclose(f); fclose(f);
RSA_free(pk); key_free(key);
if (authenticated) if (authenticated)
packet_send_debug("RSA authentication accepted."); packet_send_debug("RSA authentication accepted.");