sdiff udiff text old ( 126277 ) new ( 137019 )
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * RSA-based authentication. This code determines whether to admit a login
6 * based on RSA authentication. This file also contains functions to check
7 * validity of the host key.
8 *
9 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 */
15
16#include "includes.h"
17RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
18
19#include <openssl/rsa.h>
20#include <openssl/md5.h>
21
22#include "rsa.h"
23#include "packet.h"
24#include "xmalloc.h"
25#include "ssh1.h"
26#include "mpaux.h"
27#include "uidswap.h"
28#include "match.h"
29#include "auth-options.h"
30#include "pathnames.h"
31#include "log.h"
32#include "servconf.h"
33#include "auth.h"
34#include "hostfile.h"

--- 164 unchanged lines hidden (view full) ---

199
200 /*
201 * Go though the accepted keys, looking for the current key. If
202 * found, perform a challenge-response dialog to verify that the
203 * user really has the corresponding private key.
204 */
205 while (fgets(line, sizeof(line), f)) {
206 char *cp;
207 char *options;
208
209 linenum++;
210
211 /* Skip leading whitespace, empty and comment lines. */
212 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
213 ;
214 if (!*cp || *cp == '\n' || *cp == '#')
215 continue;
216
217 /*
218 * Check if there are options for this key, and if so,
219 * save their starting address and skip the option part
220 * for now. If there are no options, set the starting
221 * address to NULL.
222 */
223 if (*cp < '0' || *cp > '9') {
224 int quoted = 0;
225 options = cp;
226 for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
227 if (*cp == '\\' && cp[1] == '"')
228 cp++; /* Skip both */
229 else if (*cp == '"')
230 quoted = !quoted;
231 }
232 } else
233 options = NULL;
234
235 /* Parse the key from the line. */
236 if (hostfile_read_key(&cp, &bits, key) == 0) {
237 debug("%.100s, line %lu: non ssh1 key syntax",
238 file, linenum);
239 continue;
240 }
241 /* cp now points to the comment part. */

--- 8 unchanged lines hidden (view full) ---

250 "actual %d vs. announced %d.",
251 file, linenum, BN_num_bits(key->rsa->n), bits);
252
253 /* We have found the desired key. */
254 /*
255 * If our options do not allow this key to be used,
256 * do not send challenge.
257 */
258 if (!auth_parse_options(pw, options, file, linenum))
259 continue;
260
261 /* break out, this key is allowed */
262 allowed = 1;
263 break;
264 }
265
266 /* Restore the privileged uid. */

--- 62 unchanged lines hidden ---
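Review bot: The options scanner (the `for` loop that toggles `quoted`) treats an unterminated `"` as running to the end of the line, so a malformed options field swallows the key material and the line is then dropped by the `hostfile_read_key` check with only a debug-level "non ssh1 key syntax" message; that is fail-closed, which is the right outcome, but the message misattributes the cause and a debug-level record is easy to miss when an administrator's key silently stops working. Consider reporting the real cause at a level above debug right after the scan loop, before the key is parsed, e.g. `if (quoted) logit("%.100s, line %lu: unterminated quote in key options", file, linenum);` (or whichever non-debug logger this tree's log.h provides). The key comparison that justifies the `We have found the desired key` comment lies in the hidden lines between the two visible hunks, so I cannot confirm from this view that the matched key is validated before `auth_parse_options` runs on that line's options. The enclosing function starts and ends outside the visible hunks.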