sdiff udiff text old ( 137019 ) new ( 147005 )
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * RSA-based authentication. This code determines whether to admit a login
6 * based on RSA authentication. This file also contains functions to check
7 * validity of the host key.
8 *
9 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 */
15
16#include "includes.h"
17RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
18
19#include <openssl/rsa.h>
20#include <openssl/md5.h>
21
22#include "rsa.h"
23#include "packet.h"
24#include "xmalloc.h"
25#include "ssh1.h"
26#include "uidswap.h"
27#include "match.h"
28#include "auth-options.h"
29#include "pathnames.h"
30#include "log.h"
31#include "servconf.h"
32#include "auth.h"
33#include "hostfile.h"
34#include "monitor_wrap.h"
35#include "ssh.h"
36
37/* import */
38extern ServerOptions options;
39
40/*
41 * Session identifier that is used to bind key exchange and authentication
42 * responses to a particular session.
43 */
44extern u_char session_id[16];
45
46/*
47 * The .ssh/authorized_keys file contains public keys, one per line, in the
48 * following format:
49 * options bits e n comment
50 * where bits, e and n are decimal numbers,
51 * and comment is any string of characters up to newline. The maximum
52 * length of a line is 8000 characters. See the documentation for a
53 * description of the options.
54 */
55
56BIGNUM *
57auth_rsa_generate_challenge(Key *key)
58{
59 BIGNUM *challenge;
60 BN_CTX *ctx;

--- 86 unchanged lines hidden (view full) ---

147/*
148 * check if there's user key matching client_n,
149 * return key if login is allowed, NULL otherwise
150 */
151
152int
153auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
154{
155 char line[8192], *file;
156 int allowed = 0;
157 u_int bits;
158 FILE *f;
159 u_long linenum = 0;
160 struct stat st;
161 Key *key;
162
163 /* Temporarily use the user's uid. */

--- 32 unchanged lines hidden (view full) ---

196
197 key = key_new(KEY_RSA1);
198
199 /*
200 * Go though the accepted keys, looking for the current key. If
201 * found, perform a challenge-response dialog to verify that the
202 * user really has the corresponding private key.
203 */
204 while (fgets(line, sizeof(line), f)) {
205 char *cp;
206 char *key_options;
207
208 linenum++;
209
210 /* Skip leading whitespace, empty and comment lines. */
211 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
212 ;
213 if (!*cp || *cp == '\n' || *cp == '#')
214 continue;
215
216 /*
217 * Check if there are options for this key, and if so,

--- 110 unchanged lines hidden ---
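Review bot: The comment above auth_rsa_key_allowed (file lines 148-149) says the function returns the key or NULL, but the signature returns `int` and passes the key back through `Key **rkey`, and the local `int allowed = 0` suggests a boolean result. Because this function makes the admit/deny decision, the contract should say exactly which value means "allowed" and when `*rkey` is set. A comment such as `/* Returns 1 and stores the matching key in *rkey if login is allowed, 0 otherwise. */` would fit, but check it against the return paths, which are hidden in this view. The page does not mark which displayed lines differ between the two revisions, so this applies to the text as shown.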