
Diff for /src/usr.bin/ssh/Attic/auth-rh-rsa.c between version 1.10 and 1.11

version 1.10, 1999/11/24 19:53:43 version 1.11, 2000/03/23 22:15:33
Line 23 
Line 23 
 #include "uidswap.h"  #include "uidswap.h"
 #include "servconf.h"  #include "servconf.h"
   
   #include <ssl/rsa.h>
   #include <ssl/dsa.h>
   #include "key.h"
   #include "hostfile.h"
   
 /*  /*
  * Tries to authenticate the user using the .rhosts file and the host using   * Tries to authenticate the user using the .rhosts file and the host using
  * its host key.  Returns true if authentication succeeds.   * its host key.  Returns true if authentication succeeds.
  */   */
   
 int  int
 auth_rhosts_rsa(struct passwd *pw, const char *client_user,  auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
                 BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)  
 {  {
         extern ServerOptions options;          extern ServerOptions options;
         const char *canonical_hostname;          const char *canonical_hostname;
         HostStatus host_status;          HostStatus host_status;
         BIGNUM *ke, *kn;          Key *client_key, *found;
   
         debug("Trying rhosts with RSA host authentication for %.100s", client_user);          debug("Trying rhosts with RSA host authentication for %.100s", client_user);
   
           if (client_host_key == NULL)
                   return 0;
   
         /* Check if we would accept it using rhosts authentication. */          /* Check if we would accept it using rhosts authentication. */
         if (!auth_rhosts(pw, client_user))          if (!auth_rhosts(pw, client_user))
                 return 0;                  return 0;
   
         canonical_hostname = get_canonical_hostname();          canonical_hostname = get_canonical_hostname();
   
         debug("Rhosts RSA authentication: canonical host %.900s",          debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
               canonical_hostname);  
   
           /* wrap the RSA key into a 'generic' key */
           client_key = key_new(KEY_RSA);
           BN_copy(client_key->rsa->e, client_host_key->e);
           BN_copy(client_key->rsa->n, client_host_key->n);
           found = key_new(KEY_RSA);
   
         /* Check if we know the host and its host key. */          /* Check if we know the host and its host key. */
         ke = BN_new();  
         kn = BN_new();  
         host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,          host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
                                              client_host_key_e, client_host_key_n,              client_key, found);
                                              ke, kn);  
   
         /* Check user host file unless ignored. */          /* Check user host file unless ignored. */
         if (host_status != HOST_OK && !options.ignore_user_known_hosts) {          if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
Line 73 
Line 82 
                         /* XXX race between stat and the following open() */                          /* XXX race between stat and the following open() */
                         temporarily_use_uid(pw->pw_uid);                          temporarily_use_uid(pw->pw_uid);
                         host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,                          host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
                                                              client_host_key_e, client_host_key_n,                              client_key, found);
                                                              ke, kn);  
                         restore_uid();                          restore_uid();
                 }                  }
                 xfree(user_hostfile);                  xfree(user_hostfile);
         }          }
         BN_free(ke);          key_free(client_key);
         BN_free(kn);          key_free(found);
   
         if (host_status != HOST_OK) {          if (host_status != HOST_OK) {
                 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");                  debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
Line 90 
Line 98 
         /* A matching host key was found and is known. */          /* A matching host key was found and is known. */
   
         /* Perform the challenge-response dialog with the client for the host key. */          /* Perform the challenge-response dialog with the client for the host key. */
         if (!auth_rsa_challenge_dialog(client_host_key_e, client_host_key_n)) {          if (!auth_rsa_challenge_dialog(client_host_key)) {
                 log("Client on %.800s failed to respond correctly to host authentication.",                  log("Client on %.800s failed to respond correctly to host authentication.",
                     canonical_hostname);                      canonical_hostname);
                 return 0;                  return 0;
Line 101 
Line 109 
          */           */
   
         verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",          verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
                 pw->pw_name, client_user, canonical_hostname);             pw->pw_name, client_user, canonical_hostname);
         packet_send_debug("Rhosts with RSA host authentication accepted.");          packet_send_debug("Rhosts with RSA host authentication accepted.");
         return 1;          return 1;
 }  }
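Review bot: The two `BN_copy()` calls that wrap the client's RSA key into `client_key` ignore their return values, so an allocation failure would leave the host-file lookup comparing against an incompletely copied key while making an authentication decision. `BN_copy()` returns NULL on error; check both calls and fail closed before `found` is allocated, e.g. `if (BN_copy(client_key->rsa->e, client_host_key->e) == NULL || BN_copy(client_key->rsa->n, client_host_key->n) == NULL) { key_free(client_key); return 0; }`. The added NULL guard covers only `client_host_key` itself, not its `e` and `n` members, which are passed to `BN_copy()` here; whether callers guarantee they are set is not visible on this page. Parts of the function between the displayed hunks (before new lines 82 and 98) are elided, so this note rests on the visible lines only.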
