]> andersk Git - openssh.git/blame - auth-rh-rsa.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
[openssh.git] / auth-rh-rsa.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5260325f 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5260325f 5 * Rhosts or /etc/hosts.equiv authentication combined with RSA host
6 * authentication.
7 *
bcbf86ec 8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
5260325f 13 */
8efc0c15 14
15#include "includes.h"
fdaef11e 16RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $");
8efc0c15 17
18#include "packet.h"
8efc0c15 19#include "uidswap.h"
42f11eb2 20#include "log.h"
b4748e2f 21#include "servconf.h"
4fe2af09 22#include "key.h"
23#include "hostfile.h"
42f11eb2 24#include "pathnames.h"
25#include "auth.h"
42f11eb2 26#include "canohost.h"
4fe2af09 27
1853d1ef 28#include "monitor_wrap.h"
29
3e65880e 30/* import */
31extern ServerOptions options;
32
6ae2364d 33int
3e65880e 34auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
35 Key *client_host_key)
8efc0c15 36{
5260325f 37 HostStatus host_status;
5260325f 38
5260325f 39 /* Check if we would accept it using rhosts authentication. */
3e65880e 40 if (!auth_rhosts(pw, cuser))
5260325f 41 return 0;
42
dc421aa3 43 host_status = check_key_in_hostfiles(pw, client_host_key,
3e65880e 44 chost, _PATH_SSH_SYSTEM_HOSTFILE,
73473230 45 options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
5260325f 46
762715ce 47 return (host_status == HOST_OK);
3e65880e 48}
49
50/*
51 * Tries to authenticate the user using the .rhosts file and the host using
52 * its host key. Returns true if authentication succeeds.
53 */
54int
fdaef11e 55auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
3e65880e 56{
57 char *chost;
fdaef11e 58 struct passwd *pw = authctxt->pw;
3e65880e 59
60 debug("Trying rhosts with RSA host authentication for client user %.100s",
61 cuser);
62
fdaef11e 63 if (!authctxt->valid || client_host_key == NULL ||
3e65880e 64 client_host_key->rsa == NULL)
65 return 0;
66
c5a7d788 67 chost = (char *)get_canonical_hostname(options.use_dns);
3e65880e 68 debug("Rhosts RSA authentication: canonical host %.900s", chost);
69
1853d1ef 70 if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
5260325f 71 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
72 packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
73 return 0;
74 }
75 /* A matching host key was found and is known. */
76
77 /* Perform the challenge-response dialog with the client for the host key. */
46f1eece 78 if (!auth_rsa_challenge_dialog(client_host_key)) {
bbe88b6d 79 logit("Client on %.800s failed to respond correctly to host authentication.",
3e65880e 80 chost);
5260325f 81 return 0;
82 }
aa3378df 83 /*
84 * We have authenticated the user using .rhosts or /etc/hosts.equiv,
85 * and the host using RSA. We accept the authentication.
86 */
5260325f 87
88 verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
3e65880e 89 pw->pw_name, cuser, chost);
5260325f 90 packet_send_debug("Rhosts with RSA host authentication accepted.");
91 return 1;
8efc0c15 92}
git-cvsimport mirror of OpenSSH
This page took 0.250397 seconds and 5 git commands to generate.