[BACK]Return to auth-rh-rsa.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/Attic/auth-rh-rsa.c between version 1.13 and 1.13.2.3

version 1.13, 2000/04/14 10:30:29 version 1.13.2.3, 2001/03/12 15:44:07
Line 1 
Line 1 
 /*  /*
  *  
  * auth-rh-rsa.c  
  *  
  * Author: Tatu Ylonen <ylo@cs.hut.fi>   * Author: Tatu Ylonen <ylo@cs.hut.fi>
  *  
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved   *                    All rights reserved
  *  
  * Created: Sun May  7 03:08:06 1995 ylo  
  *  
  * Rhosts or /etc/hosts.equiv authentication combined with RSA host   * Rhosts or /etc/hosts.equiv authentication combined with RSA host
  * authentication.   * authentication.
  *   *
    * As far as I am concerned, the code I have written for this software
    * can be used freely for any purpose.  Any derived versions of this
    * software must be clearly marked as such, and if the derived work is
    * incompatible with the protocol description in the RFC file, it must be
    * called by a name other than "ssh" or "Secure Shell".
  */   */
   
 #include "includes.h"  #include "includes.h"
 RCSID("$Id$");  RCSID("$OpenBSD$");
   
 #include "packet.h"  #include "packet.h"
 #include "ssh.h"  
 #include "xmalloc.h"  #include "xmalloc.h"
 #include "uidswap.h"  #include "uidswap.h"
   #include "log.h"
 #include "servconf.h"  #include "servconf.h"
   
 #include <openssl/rsa.h>  
 #include <openssl/dsa.h>  
 #include "key.h"  #include "key.h"
 #include "hostfile.h"  #include "hostfile.h"
   #include "pathnames.h"
   #include "auth.h"
   #include "tildexpand.h"
   #include "canohost.h"
   
 /*  /*
  * Tries to authenticate the user using the .rhosts file and the host using   * Tries to authenticate the user using the .rhosts file and the host using
Line 41 
Line 40 
         HostStatus host_status;          HostStatus host_status;
         Key *client_key, *found;          Key *client_key, *found;
   
         debug("Trying rhosts with RSA host authentication for %.100s", client_user);          debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
   
         if (client_host_key == NULL)          if (pw == NULL || client_host_key == NULL)
                 return 0;                  return 0;
   
         /* Check if we would accept it using rhosts authentication. */          /* Check if we would accept it using rhosts authentication. */
         if (!auth_rhosts(pw, client_user))          if (!auth_rhosts(pw, client_user))
                 return 0;                  return 0;
   
         canonical_hostname = get_canonical_hostname();          canonical_hostname = get_canonical_hostname(
               options.reverse_mapping_check);
   
         debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);          debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
   
         /* wrap the RSA key into a 'generic' key */          /* wrap the RSA key into a 'generic' key */
         client_key = key_new(KEY_RSA);          client_key = key_new(KEY_RSA1);
         BN_copy(client_key->rsa->e, client_host_key->e);          BN_copy(client_key->rsa->e, client_host_key->e);
         BN_copy(client_key->rsa->n, client_host_key->n);          BN_copy(client_key->rsa->n, client_host_key->n);
         found = key_new(KEY_RSA);          found = key_new(KEY_RSA1);
   
         /* Check if we know the host and its host key. */          /* Check if we know the host and its host key. */
         host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,          host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
             client_key, found);              client_key, found, NULL);
   
         /* Check user host file unless ignored. */          /* Check user host file unless ignored. */
         if (host_status != HOST_OK && !options.ignore_user_known_hosts) {          if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
                 struct stat st;                  struct stat st;
                 char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);                  char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
                 /*                  /*
                  * Check file permissions of SSH_USER_HOSTFILE, auth_rsa()                   * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
                  * did already check pw->pw_dir, but there is a race XXX                   * did already check pw->pw_dir, but there is a race XXX
                  */                   */
                 if (options.strict_modes &&                  if (options.strict_modes &&
Line 82 
Line 82 
                         /* XXX race between stat and the following open() */                          /* XXX race between stat and the following open() */
                         temporarily_use_uid(pw->pw_uid);                          temporarily_use_uid(pw->pw_uid);
                         host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,                          host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
                             client_key, found);                              client_key, found, NULL);
                         restore_uid();                          restore_uid();
                 }                  }
                 xfree(user_hostfile);                  xfree(user_hostfile);
Legend:
Removed from v.1.13  
changed lines
  Added in v.1.13.2.3