auth-rsa.c (137019) | auth-rsa.c (147005) |
---|---|
1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * RSA-based authentication. This code determines whether to admit a login 6 * based on RSA authentication. This file also contains functions to check 7 * validity of the host key. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16#include "includes.h" | 1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * RSA-based authentication. This code determines whether to admit a login 6 * based on RSA authentication. This file also contains functions to check 7 * validity of the host key. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16#include "includes.h" |
17RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); | 17RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $"); |
18 19#include <openssl/rsa.h> 20#include <openssl/md5.h> 21 22#include "rsa.h" 23#include "packet.h" 24#include "xmalloc.h" 25#include "ssh1.h" 26#include "uidswap.h" 27#include "match.h" 28#include "auth-options.h" 29#include "pathnames.h" 30#include "log.h" 31#include "servconf.h" 32#include "auth.h" 33#include "hostfile.h" 34#include "monitor_wrap.h" 35#include "ssh.h" | 18 19#include <openssl/rsa.h> 20#include <openssl/md5.h> 21 22#include "rsa.h" 23#include "packet.h" 24#include "xmalloc.h" 25#include "ssh1.h" 26#include "uidswap.h" 27#include "match.h" 28#include "auth-options.h" 29#include "pathnames.h" 30#include "log.h" 31#include "servconf.h" 32#include "auth.h" 33#include "hostfile.h" 34#include "monitor_wrap.h" 35#include "ssh.h" |
36#include "misc.h" |
|
36 37/* import */ 38extern ServerOptions options; 39 40/* 41 * Session identifier that is used to bind key exchange and authentication 42 * responses to a particular session. 43 */ 44extern u_char session_id[16]; 45 46/* 47 * The .ssh/authorized_keys file contains public keys, one per line, in the 48 * following format: 49 * options bits e n comment 50 * where bits, e and n are decimal numbers, 51 * and comment is any string of characters up to newline. The maximum | 37 38/* import */ 39extern ServerOptions options; 40 41/* 42 * Session identifier that is used to bind key exchange and authentication 43 * responses to a particular session. 44 */ 45extern u_char session_id[16]; 46 47/* 48 * The .ssh/authorized_keys file contains public keys, one per line, in the 49 * following format: 50 * options bits e n comment 51 * where bits, e and n are decimal numbers, 52 * and comment is any string of characters up to newline. The maximum |
52 * length of a line is 8000 characters. See the documentation for a | 53 * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a |
53 * description of the options. 54 */ 55 56BIGNUM * 57auth_rsa_generate_challenge(Key *key) 58{ 59 BIGNUM *challenge; 60 BN_CTX *ctx; --- 86 unchanged lines hidden (view full) --- 147/* 148 * check if there's user key matching client_n, 149 * return key if login is allowed, NULL otherwise 150 */ 151 152int 153auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) 154{ | 54 * description of the options. 55 */ 56 57BIGNUM * 58auth_rsa_generate_challenge(Key *key) 59{ 60 BIGNUM *challenge; 61 BN_CTX *ctx; --- 86 unchanged lines hidden (view full) --- 148/* 149 * check if there's user key matching client_n, 150 * return key if login is allowed, NULL otherwise 151 */ 152 153int 154auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) 155{ |
155 char line[8192], *file; | 156 char line[SSH_MAX_PUBKEY_BYTES], *file; |
156 int allowed = 0; 157 u_int bits; 158 FILE *f; 159 u_long linenum = 0; 160 struct stat st; 161 Key *key; 162 163 /* Temporarily use the user's uid. */ --- 32 unchanged lines hidden (view full) --- 196 197 key = key_new(KEY_RSA1); 198 199 /* 200 * Go though the accepted keys, looking for the current key. If 201 * found, perform a challenge-response dialog to verify that the 202 * user really has the corresponding private key. 203 */ | 157 int allowed = 0; 158 u_int bits; 159 FILE *f; 160 u_long linenum = 0; 161 struct stat st; 162 Key *key; 163 164 /* Temporarily use the user's uid. */ --- 32 unchanged lines hidden (view full) --- 197 198 key = key_new(KEY_RSA1); 199 200 /* 201 * Go though the accepted keys, looking for the current key. If 202 * found, perform a challenge-response dialog to verify that the 203 * user really has the corresponding private key. 204 */ |
204 while (fgets(line, sizeof(line), f)) { | 205 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
205 char *cp; 206 char *key_options; 207 | 206 char *cp; 207 char *key_options; 208 |
208 linenum++; 209 | |
210 /* Skip leading whitespace, empty and comment lines. */ 211 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 212 ; 213 if (!*cp || *cp == '\n' || *cp == '#') 214 continue; 215 216 /* 217 * Check if there are options for this key, and if so, --- 110 unchanged lines hidden --- | 209 /* Skip leading whitespace, empty and comment lines. */ 210 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 211 ; 212 if (!*cp || *cp == '\n' || *cp == '#') 213 continue; 214 215 /* 216 * Check if there are options for this key, and if so, --- 110 unchanged lines hidden --- |
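Review bot: The new loop condition at line 205, `read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1`, leaves the helper's contract implicit at the call site: that it now owns `linenum` (hence the dropped `linenum++`), what `-1` means, and whether a line longer than `sizeof(line)` is returned truncated or skipped, which is the property the whole change rests on, since a line that is split rather than skipped lets the tail of a long entry be parsed as a separate key with its own options. I'd add above the `while`: `/* read_keyfile_line() owns linenum; returns -1 on EOF and is expected to skip, not split, lines longer than sizeof(line) */`, keeping "expected" until confirmed against the definition in misc.c, which is not on this page. The header comment at new line 53 says the maximum line length is SSH_MAX_PUBKEY_BYTES characters, but `line` is SSH_MAX_PUBKEY_BYTES bytes and must also hold the newline and terminator, so the usable length is presumably two less; "SSH_MAX_PUBKEY_BYTES bytes (including newline and terminator)" would be more accurate. auth_rsa_key_allowed's body continues past the hidden lines at the end of this hunk.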