]> andersk Git - gssapi-openssh.git/blobdiff - openssh/auth-rsa.c
Import of OpenSSH 3.1p1
[gssapi-openssh.git] / openssh / auth-rsa.c
index 701d8bd5317da247a31ad566cfce98d4b960815a..f7ae03cfdaf13009c5b28b2e5fc6d5dd92a86aa6 100644 (file)
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.44 2001/07/23 18:14:58 stevesk Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.50 2001/12/28 14:50:54 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -31,6 +31,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.44 2001/07/23 18:14:58 stevesk Exp $");
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
+#include "hostfile.h"
 
 /* import */
 extern ServerOptions options;
@@ -65,14 +66,17 @@ auth_rsa_challenge_dialog(RSA *pk)
        u_char buf[32], mdbuf[16], response[16];
        MD5_CTX md;
        u_int i;
-       int plen, len;
+       int len;
 
-       encrypted_challenge = BN_new();
-       challenge = BN_new();
+       if ((encrypted_challenge = BN_new()) == NULL)
+               fatal("auth_rsa_challenge_dialog: BN_new() failed");
+       if ((challenge = BN_new()) == NULL)
+               fatal("auth_rsa_challenge_dialog: BN_new() failed");
 
        /* Generate a random challenge. */
        BN_rand(challenge, 256, 0, 0);
-       ctx = BN_CTX_new();
+       if ((ctx = BN_CTX_new()) == NULL)
+               fatal("auth_rsa_challenge_dialog: BN_CTX_new() failed");
        BN_mod(challenge, challenge, pk->n, ctx);
        BN_CTX_free(ctx);
 
@@ -87,10 +91,10 @@ auth_rsa_challenge_dialog(RSA *pk)
        packet_write_wait();
 
        /* Wait for a response. */
-       packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
-       packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
+       packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE);
        for (i = 0; i < 16; i++)
                response[i] = packet_get_char();
+       packet_check_eom();
 
        /* The response is MD5 of decrypted challenge plus session id. */
        len = BN_num_bytes(challenge);
@@ -128,7 +132,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
        FILE *f;
        u_long linenum = 0;
        struct stat st;
-       RSA *pk;
+       Key *key;
+       char *fp;
 
        /* no user given */
        if (pw == NULL)
@@ -170,9 +175,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
        /* Flag indicating whether authentication has succeeded. */
        authenticated = 0;
 
-       pk = RSA_new();
-       pk->e = BN_new();
-       pk->n = BN_new();
+       key = key_new(KEY_RSA1);
 
        /*
         * Go though the accepted keys, looking for the current key.  If
@@ -210,7 +213,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
                        options = NULL;
 
                /* Parse the key from the line. */
-               if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
+               if (hostfile_read_key(&cp, &bits, key) == 0) {
                        debug("%.100s, line %lu: non ssh1 key syntax",
                            file, linenum);
                        continue;
@@ -218,14 +221,14 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
                /* cp now points to the comment part. */
 
                /* Check if the we have found the desired key (identified by its modulus). */
-               if (BN_cmp(pk->n, client_n) != 0)
+               if (BN_cmp(key->rsa->n, client_n) != 0)
                        continue;
 
                /* check the real bits  */
-               if (bits != BN_num_bits(pk->n))
+               if (bits != BN_num_bits(key->rsa->n))
                        log("Warning: %s, line %lu: keysize mismatch: "
                            "actual %d vs. announced %d.",
-                           file, linenum, BN_num_bits(pk->n), bits);
+                           file, linenum, BN_num_bits(key->rsa->n), bits);
 
                /* We have found the desired key. */
                /*
@@ -236,11 +239,15 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
                        continue;
 
                /* Perform the challenge-response dialog for this key. */
-               if (!auth_rsa_challenge_dialog(pk)) {
+               if (!auth_rsa_challenge_dialog(key->rsa)) {
                        /* Wrong response. */
                        verbose("Wrong response to RSA authentication challenge.");
                        packet_send_debug("Wrong response to RSA authentication challenge.");
-                       continue;
+                       /*
+                        * Break out of the loop. Otherwise we might send
+                        * another challenge and break the protocol.
+                        */
+                       break;
                }
                /*
                 * Correct response.  The client has been successfully
@@ -251,6 +258,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
                 * otherwise continue searching.
                 */
                authenticated = 1;
+
+               fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+               verbose("Found matching %s key: %s",
+                   key_type(key), fp);
+               xfree(fp);
+
                break;
        }
 
@@ -261,7 +274,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
        xfree(file);
        fclose(f);
 
-       RSA_free(pk);
+       key_free(key);
 
        if (authenticated)
                packet_send_debug("RSA authentication accepted.");
This page took 0.03341 seconds and 4 git commands to generate.