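--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,34 +1,33 @@
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
  * RSA-based authentication. This code determines whether to admit a login
  * based on RSA authentication. This file also contains functions to check
  * validity of the host key.
  *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose. Any derived versions of this
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
 
 #include "rsa.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "ssh1.h"
-#include "mpaux.h"
 #include "uidswap.h"
 #include "match.h"
 #include "auth-options.h"
 #include "pathnames.h"
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
 #include "hostfile.h"
@@ -199,43 +198,43 @@
 
 	/*
 	 * Go though the accepted keys, looking for the current key. If
 	 * found, perform a challenge-response dialog to verify that the
 	 * user really has the corresponding private key.
 	 */
 	while (fgets(line, sizeof(line), f)) {
 		char *cp;
-		char *options;
+		char *key_options;
 
 		linenum++;
 
 		/* Skip leading whitespace, empty and comment lines. */
 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
 			;
 		if (!*cp || *cp == '\n' || *cp == '#')
 			continue;
 
 		/*
 		 * Check if there are options for this key, and if so,
 		 * save their starting address and skip the option part
 		 * for now. If there are no options, set the starting
 		 * address to NULL.
 		 */
 		if (*cp < '0' || *cp > '9') {
 			int quoted = 0;
-			options = cp;
+			key_options = cp;
 			for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
 				if (*cp == '\\' && cp[1] == '"')
 					cp++;	/* Skip both */
 				else if (*cp == '"')
 					quoted = !quoted;
 			}
 		} else
-			options = NULL;
+			key_options = NULL;
 
 		/* Parse the key from the line. */
 		if (hostfile_read_key(&cp, &bits, key) == 0) {
 			debug("%.100s, line %lu: non ssh1 key syntax",
 			    file, linenum);
 			continue;
 		}
 		/* cp now points to the comment part. */
@@ -250,17 +249,17 @@
 			    "actual %d vs. announced %d.",
 			    file, linenum, BN_num_bits(key->rsa->n), bits);
 
 		/* We have found the desired key. */
 		/*
 		 * If our options do not allow this key to be used,
 		 * do not send challenge.
 		 */
-		if (!auth_parse_options(pw, options, file, linenum))
+		if (!auth_parse_options(pw, key_options, file, linenum))
 			continue;
 
 		/* break out, this key is allowed */
 		allowed = 1;
 		break;
 	}
 
 	/* Restore the privileged uid. */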
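Review bot: The new `char *key_options;` declaration in the key-scanning loop records no reason for the rename, and the reason matters to the next reader: with servconf.h included, the old local `options` presumably shadowed the file-scope ServerOptions `options`, so a per-key pointer and the server configuration shared a name inside an authentication decision. A one-line comment at the declaration would keep that distinction visible, e.g. `char *key_options;	/* options prefix of this key line, NULL if none; not the server-wide ServerOptions */`. While touching this loop, the context comment above it reads "Go though the accepted keys" and should say "Go through". The enclosing function begins and ends outside these hunks, so the remainder of the scan and the later challenge dialog are not under review here.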