X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/82b00264ef5801fe5bbb3ee875d2eb6111a48660..6a2c4cd8b3908e0d7e28789e83b4dc2b69aaf6d4:/auth-rsa.c
diff --git a/auth-rsa.c b/auth-rsa.c
index 493f14b1..16369d47 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
 #include
 #include
@@ -23,7 +23,6 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
 #include "packet.h"
 #include "xmalloc.h"
 #include "ssh1.h"
-#include "mpaux.h"
 #include "uidswap.h"
 #include "match.h"
 #include "auth-options.h"
@@ -81,8 +80,8 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 /* don't allow short keys */
 if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- error("auth_rsa_verify_response: n too small: %d bits",
- BN_num_bits(key->rsa->n));
+ error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits",
+ BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 return (0);
 }
@@ -187,7 +186,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 secure_filename(f, file, pw, line, sizeof(line)) != 0) {
 xfree(file);
 fclose(f);
- log("Authentication refused: %s", line);
+ logit("Authentication refused: %s", line);
 restore_uid();
 return (0);
 }
@@ -204,7 +203,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 */
 while (fgets(line, sizeof(line), f)) {
 char *cp;
- char *options;
+ char *key_options;
 linenum++;
@@ -222,7 +221,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 */
 if (*cp < '0' || *cp > '9') {
 int quoted = 0;
- options = cp;
+ key_options = cp;
 for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
 if (*cp == '\\' && cp[1] == '"')
 cp++; /* Skip both */
@@ -230,7 +229,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 quoted = !quoted;
 }
 } else
- options = NULL;
+ key_options = NULL;
 /* Parse the key from the line. */
 if (hostfile_read_key(&cp, &bits, key) == 0) {
@@ -246,7 +245,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 /* check the real bits */
 if (bits != BN_num_bits(key->rsa->n))
- log("Warning: %s, line %lu: keysize mismatch: "
+ logit("Warning: %s, line %lu: keysize mismatch: "
 "actual %d vs. announced %d.",
 file, linenum, BN_num_bits(key->rsa->n), bits);
@@ -255,7 +254,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 * If our options do not allow this key to be used,
 * do not send challenge.
 */
- if (!auth_parse_options(pw, options, file, linenum))
+ if (!auth_parse_options(pw, key_options, file, linenum))
 continue;
 /* break out, this key is allowed */
@@ -284,13 +283,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 * successful. This may exit if there is a serious protocol violation.
 */
 int
-auth_rsa(struct passwd *pw, BIGNUM *client_n)
+auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 {
 Key *key;
 char *fp;
+ struct passwd *pw = authctxt->pw;
 /* no user given */
- if (pw == NULL)
+ if (!authctxt->valid)
 return 0;
 if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
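Review bot: The `/* no user given */` comment in the last hunk (auth_rsa) is stale, because the guard beneath it now tests `!authctxt->valid` rather than a NULL passwd pointer. I would reword it to something like `/* invalid user: refuse before any key lookup */`. The new local `pw = authctxt->pw` is still passed to auth_rsa_key_allowed() right after the guard, so the function now relies on `valid` implying a non-NULL `pw`. That invariant is established outside this hunk and deserves a mention in the function's header comment. The header comment should also record that `authctxt` itself is dereferenced without a NULL check, so callers must always pass a context. auth_rsa's body continues past the end of the hunk, so later uses of `pw` are not visible here.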