tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-29 16:54:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2001/12/27 19:54:53

Browse Source 
[auth1.c auth.h auth-rh-rsa.c]
     auth_rhosts_rsa now accept generic keys.
This commit is contained in:
Damien Miller 2002-01-22 23:11:00 +11:00
parent 9ef95ddcaf
commit d221ca6cc9
4 changed files with 14 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -48,6 +48,9 @@
- markus@cvs.openbsd.org 2001/12/27 19:37:23 - markus@cvs.openbsd.org 2001/12/27 19:37:23
[dh.c kexdh.c kexgex.c] [dh.c kexdh.c kexgex.c]
always use BN_clear_free instead of BN_free always use BN_clear_free instead of BN_free
- markus@cvs.openbsd.org 2001/12/27 19:54:53
[auth1.c auth.h auth-rh-rsa.c]
auth_rhosts_rsa now accept generic keys.
20020121 20020121
- (djm) Rework ssh-rand-helper: - (djm) Rework ssh-rand-helper:
@ -7195,4 +7198,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.1736 2002/01/22 12:10:33 djm Exp $ $Id: ChangeLog,v 1.1737 2002/01/22 12:11:00 djm Exp $

20
auth-rh-rsa.c
View File

@ -13,7 +13,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $"); RCSID("$OpenBSD: auth-rh-rsa.c,v 1.27 2001/12/27 19:54:53 markus Exp $");
#include "packet.h" #include "packet.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -32,16 +32,15 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $");
*/ */
int int
auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key) auth_rhosts_rsa(struct passwd *pw, const char *client_user, Key *client_host_key)
{ {
extern ServerOptions options; extern ServerOptions options;
const char *canonical_hostname; const char *canonical_hostname;
HostStatus host_status; HostStatus host_status;
Key *client_key;
debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
if (pw == NULL || client_host_key == NULL) if (pw == NULL || client_host_key == NULL || client_host_key->rsa == NULL)
return 0; return 0;
/* Check if we would accept it using rhosts authentication. */ /* Check if we would accept it using rhosts authentication. */
@ -53,17 +52,10 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
/* wrap the RSA key into a 'generic' key */ host_status = check_key_in_hostfiles(pw, client_host_key,
client_key = key_new(KEY_RSA1); canonical_hostname, _PATH_SSH_SYSTEM_HOSTFILE,
BN_copy(client_key->rsa->e, client_host_key->e);
BN_copy(client_key->rsa->n, client_host_key->n);
host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
_PATH_SSH_SYSTEM_HOSTFILE,
options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
key_free(client_key);
if (host_status != HOST_OK) { if (host_status != HOST_OK) {
debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
@ -72,7 +64,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
/* A matching host key was found and is known. */ /* A matching host key was found and is known. */
/* Perform the challenge-response dialog with the client for the host key. */ /* Perform the challenge-response dialog with the client for the host key. */
if (!auth_rsa_challenge_dialog(client_host_key)) { if (!auth_rsa_challenge_dialog(client_host_key->rsa)) {
log("Client on %.800s failed to respond correctly to host authentication.", log("Client on %.800s failed to respond correctly to host authentication.",
canonical_hostname); canonical_hostname);
return 0; return 0;

4
auth.h
View File

@ -21,7 +21,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* *
* $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $ * $OpenBSD: auth.h,v 1.26 2001/12/27 19:54:53 markus Exp $
*/ */
#ifndef AUTH_H #ifndef AUTH_H
#define AUTH_H #define AUTH_H
@ -91,7 +91,7 @@ int auth_rhosts(struct passwd *, const char *);
int int
auth_rhosts2(struct passwd *, const char *, const char *, const char *); auth_rhosts2(struct passwd *, const char *, const char *, const char *);
int auth_rhosts_rsa(struct passwd *, const char *, RSA *); int auth_rhosts_rsa(struct passwd *, const char *, Key *);
int auth_password(Authctxt *, const char *); int auth_password(Authctxt *, const char *);
int auth_rsa(struct passwd *, BIGNUM *); int auth_rsa(struct passwd *, BIGNUM *);
int auth_rsa_challenge_dialog(RSA *); int auth_rsa_challenge_dialog(RSA *);

4
auth1.c
View File

@ -10,7 +10,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth1.c,v 1.29 2001/12/27 18:22:16 markus Exp $"); RCSID("$OpenBSD: auth1.c,v 1.30 2001/12/27 19:54:53 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "rsa.h" #include "rsa.h"
@ -214,7 +214,7 @@ do_authloop(Authctxt *authctxt)
packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type); packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
authenticated = auth_rhosts_rsa(pw, client_user, authenticated = auth_rhosts_rsa(pw, client_user,
client_host_key->rsa); client_host_key);
key_free(client_host_key); key_free(client_host_key);
snprintf(info, sizeof info, " ruser %.100s", client_user); snprintf(info, sizeof info, " ruser %.100s", client_user);