- djm@cvs.openbsd.org 2010/01/30 02:54:53

[openssh.git] / auth-rsa.c

diff --git a/auth-rsa.c b/auth-rsa.c
index 65c77805f53e55ee58404878a2e8e93add305978..bf54620760ad62a8221765ec55e315bd9fa99ed9 100644 (file)
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.69 2006/07/22 20:48:22 stevesk Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.73 2008/07/02 12:03:51 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -23,20 +23,27 @@
 #include <openssl/md5.h>
 
 #include <pwd.h>
+#include <stdio.h>
+#include <stdarg.h>
 #include <string.h>
 
+#include "xmalloc.h"
 #include "rsa.h"
 #include "packet.h"
-#include "xmalloc.h"
 #include "ssh1.h"
 #include "uidswap.h"
 #include "match.h"
+#include "buffer.h"
 #include "auth-options.h"
 #include "pathnames.h"
 #include "log.h"
 #include "servconf.h"
-#include "auth.h"
+#include "key.h"
 #include "hostfile.h"
+#include "auth.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
 #include "monitor_wrap.h"
 #include "ssh.h"
 #include "misc.h"
@@ -69,10 +76,12 @@ auth_rsa_generate_challenge(Key *key)
        if ((challenge = BN_new()) == NULL)
                fatal("auth_rsa_generate_challenge: BN_new() failed");
        /* Generate a random challenge. */
-       BN_rand(challenge, 256, 0, 0);
+       if (BN_rand(challenge, 256, 0, 0) == 0)
+               fatal("auth_rsa_generate_challenge: BN_rand failed");
        if ((ctx = BN_CTX_new()) == NULL)
-               fatal("auth_rsa_generate_challenge: BN_CTX_new() failed");
-       BN_mod(challenge, challenge, key->rsa->n, ctx);
+               fatal("auth_rsa_generate_challenge: BN_CTX_new failed");
+       if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0)
+               fatal("auth_rsa_generate_challenge: BN_mod failed");
        BN_CTX_free(ctx);
 
        return challenge;
@@ -164,7 +173,6 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
        u_int bits;
        FILE *f;
        u_long linenum = 0;
-       struct stat st;
        Key *key;
 
        /* Temporarily use the user's uid. */
@@ -173,27 +181,9 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
        /* The authorized keys. */
        file = authorized_keys_file(pw);
        debug("trying public RSA key file %s", file);
-
-       /* Fail quietly if file does not exist */
-       if (stat(file, &st) < 0) {
-               /* Restore the privileged uid. */
-               restore_uid();
-               xfree(file);
-               return (0);
-       }
-       /* Open the file containing the authorized keys. */
-       f = fopen(file, "r");
+       f = auth_openkeyfile(file, pw, options.strict_modes);
        if (!f) {
-               /* Restore the privileged uid. */
-               restore_uid();
-               xfree(file);
-               return (0);
-       }
-       if (options.strict_modes &&
-           secure_filename(f, file, pw, line, sizeof(line)) != 0) {
                xfree(file);
-               fclose(f);
-               logit("Authentication refused: %s", line);
                restore_uid();
                return (0);
        }