- (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from

[openssh.git] / auth-rsa.c

diff --git a/auth-rsa.c b/auth-rsa.c
index 493f14b1147a6eb7b691ce56a246c8b57cc40162..16369d47c80de83c6113af809e78eeff54b61aa8 100644 (file)
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -23,7 +23,6 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
 #include "packet.h"
 #include "xmalloc.h"
 #include "ssh1.h"
-#include "mpaux.h"
 #include "uidswap.h"
 #include "match.h"
 #include "auth-options.h"
@@ -81,8 +80,8 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 
        /* don't allow short keys */
        if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-               error("auth_rsa_verify_response: n too small: %d bits",
-                   BN_num_bits(key->rsa->n));
+               error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits",
+                   BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
                return (0);
        }
 
@@ -187,7 +186,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
            secure_filename(f, file, pw, line, sizeof(line)) != 0) {
                xfree(file);
                fclose(f);
-               log("Authentication refused: %s", line);
+               logit("Authentication refused: %s", line);
                restore_uid();
                return (0);
        }
@@ -204,7 +203,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
         */
        while (fgets(line, sizeof(line), f)) {
                char *cp;
-               char *options;
+               char *key_options;
 
                linenum++;
 
@@ -222,7 +221,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                 */
                if (*cp < '0' || *cp > '9') {
                        int quoted = 0;
-                       options = cp;
+                       key_options = cp;
                        for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
                                if (*cp == '\\' && cp[1] == '"')
                                        cp++;   /* Skip both */
@@ -230,7 +229,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                                        quoted = !quoted;
                        }
                } else
-                       options = NULL;
+                       key_options = NULL;
 
                /* Parse the key from the line. */
                if (hostfile_read_key(&cp, &bits, key) == 0) {
@@ -246,7 +245,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 
                /* check the real bits  */
                if (bits != BN_num_bits(key->rsa->n))
-                       log("Warning: %s, line %lu: keysize mismatch: "
+                       logit("Warning: %s, line %lu: keysize mismatch: "
                            "actual %d vs. announced %d.",
                            file, linenum, BN_num_bits(key->rsa->n), bits);
 
@@ -255,7 +254,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                 * If our options do not allow this key to be used,
                 * do not send challenge.
                 */
-               if (!auth_parse_options(pw, options, file, linenum))
+               if (!auth_parse_options(pw, key_options, file, linenum))
                        continue;
 
                /* break out, this key is allowed */
@@ -284,13 +283,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
  * successful.  This may exit if there is a serious protocol violation.
  */
 int
-auth_rsa(struct passwd *pw, BIGNUM *client_n)
+auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 {
        Key *key;
        char *fp;
+       struct passwd *pw = authctxt->pw;
 
        /* no user given */
-       if (pw == NULL)
+       if (!authctxt->valid)
                return 0;
 
        if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {