1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * RSA-based authentication. This code determines whether to admit a login 6 * based on RSA authentication. This file also contains functions to check 7 * validity of the host key. 8 * 9 * As far as I am concerned, the code I have written for this software 10 * can be used freely for any purpose. Any derived versions of this 11 * software must be clearly marked as such, and if the derived work is 12 * incompatible with the protocol description in the RFC file, it must be 13 * called by a name other than "ssh" or "Secure Shell". 14 */ 15 16#include "includes.h" |
17RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); |
18 19#include <openssl/rsa.h> 20#include <openssl/md5.h> 21 22#include "rsa.h" 23#include "packet.h" 24#include "xmalloc.h" 25#include "ssh1.h" |
26#include "uidswap.h" 27#include "match.h" 28#include "auth-options.h" 29#include "pathnames.h" 30#include "log.h" 31#include "servconf.h" 32#include "auth.h" 33#include "hostfile.h" --- 164 unchanged lines hidden (view full) --- 198 199 /* 200 * Go though the accepted keys, looking for the current key. If 201 * found, perform a challenge-response dialog to verify that the 202 * user really has the corresponding private key. 203 */ 204 while (fgets(line, sizeof(line), f)) { 205 char *cp; |
206 char *key_options; |
207 208 linenum++; 209 210 /* Skip leading whitespace, empty and comment lines. */ 211 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 212 ; 213 if (!*cp || *cp == '\n' || *cp == '#') 214 continue; 215 216 /* 217 * Check if there are options for this key, and if so, 218 * save their starting address and skip the option part 219 * for now. If there are no options, set the starting 220 * address to NULL. 221 */ 222 if (*cp < '0' || *cp > '9') { 223 int quoted = 0; |
224 key_options = cp; |
225 for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { 226 if (*cp == '\\' && cp[1] == '"') 227 cp++; /* Skip both */ 228 else if (*cp == '"') 229 quoted = !quoted; 230 } 231 } else |
232 key_options = NULL; |
233 234 /* Parse the key from the line. */ 235 if (hostfile_read_key(&cp, &bits, key) == 0) { 236 debug("%.100s, line %lu: non ssh1 key syntax", 237 file, linenum); 238 continue; 239 } 240 /* cp now points to the comment part. */ --- 8 unchanged lines hidden (view full) --- 249 "actual %d vs. announced %d.", 250 file, linenum, BN_num_bits(key->rsa->n), bits); 251 252 /* We have found the desired key. */ 253 /* 254 * If our options do not allow this key to be used, 255 * do not send challenge. 256 */ |
257 if (!auth_parse_options(pw, key_options, file, linenum)) |
258 continue; 259 260 /* break out, this key is allowed */ 261 allowed = 1; 262 break; 263 } 264 265 /* Restore the privileged uid. */ --- 62 unchanged lines hidden --- |