
Diff for /src/usr.bin/ssh/Attic/auth-rh-rsa.c between version 1.23.2.4 and 1.24

version 1.23.2.4, 2002/06/02 22:56:09 version 1.24, 2001/06/23 00:20:57
Line 16 
Line 16 
 RCSID("$OpenBSD$");  RCSID("$OpenBSD$");
   
 #include "packet.h"  #include "packet.h"
   #include "xmalloc.h"
 #include "uidswap.h"  #include "uidswap.h"
 #include "log.h"  #include "log.h"
 #include "servconf.h"  #include "servconf.h"
Line 23 
Line 24 
 #include "hostfile.h"  #include "hostfile.h"
 #include "pathnames.h"  #include "pathnames.h"
 #include "auth.h"  #include "auth.h"
   #include "tildexpand.h"
 #include "canohost.h"  #include "canohost.h"
   
 #include "monitor_wrap.h"  /*
    * Tries to authenticate the user using the .rhosts file and the host using
    * its host key.  Returns true if authentication succeeds.
    */
   
 /* import */  
 extern ServerOptions options;  
   
 int  int
 auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,  auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
     Key *client_host_key)  
 {  {
           extern ServerOptions options;
           const char *canonical_hostname;
         HostStatus host_status;          HostStatus host_status;
           Key *client_key;
   
           debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
   
           if (pw == NULL || client_host_key == NULL)
                   return 0;
   
         /* Check if we would accept it using rhosts authentication. */          /* Check if we would accept it using rhosts authentication. */
         if (!auth_rhosts(pw, cuser))          if (!auth_rhosts(pw, client_user))
                 return 0;                  return 0;
   
         host_status = check_key_in_hostfiles(pw, client_host_key,          canonical_hostname = get_canonical_hostname(
             chost, _PATH_SSH_SYSTEM_HOSTFILE,              options.reverse_mapping_check);
             options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);  
   
         return (host_status == HOST_OK);          debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
 }  
   
 /*          /* wrap the RSA key into a 'generic' key */
  * Tries to authenticate the user using the .rhosts file and the host using          client_key = key_new(KEY_RSA1);
  * its host key.  Returns true if authentication succeeds.          BN_copy(client_key->rsa->e, client_host_key->e);
  */          BN_copy(client_key->rsa->n, client_host_key->n);
 int  
 auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)  
 {  
         char *chost;  
   
         debug("Trying rhosts with RSA host authentication for client user %.100s",          host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
             cuser);              _PATH_SSH_SYSTEM_HOSTFILE,
               options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL);
   
         if (pw == NULL || client_host_key == NULL ||          key_free(client_key);
             client_host_key->rsa == NULL)  
                 return 0;  
   
         chost = (char *)get_canonical_hostname(options.verify_reverse_mapping);          if (host_status != HOST_OK) {
         debug("Rhosts RSA authentication: canonical host %.900s", chost);  
   
         if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {  
                 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");                  debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
                 packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");                  packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
                 return 0;                  return 0;
Line 76 
Line 75 
         /* Perform the challenge-response dialog with the client for the host key. */          /* Perform the challenge-response dialog with the client for the host key. */
         if (!auth_rsa_challenge_dialog(client_host_key)) {          if (!auth_rsa_challenge_dialog(client_host_key)) {
                 log("Client on %.800s failed to respond correctly to host authentication.",                  log("Client on %.800s failed to respond correctly to host authentication.",
                     chost);                      canonical_hostname);
                 return 0;                  return 0;
         }          }
         /*          /*
Line 85 
Line 84 
          */           */
   
         verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",          verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
            pw->pw_name, cuser, chost);             pw->pw_name, client_user, canonical_hostname);
         packet_send_debug("Rhosts with RSA host authentication accepted.");          packet_send_debug("Rhosts with RSA host authentication accepted.");
         return 1;          return 1;
 }  }
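Review bot: In the 1.24 column, the last argument to check_key_in_hostfiles() is `options.ignore_user_known_hosts ? _PATH_SSH_USER_HOSTFILE : NULL`, which has the operands the wrong way round. As written, the per-user host file is consulted exactly when the administrator asked for it to be ignored, and skipped otherwise. That file is presumably under the account owner's control, so a server configured to trust only the system host file would still accept a host key the user listed there as passing this check, before the challenge-response step. The argument should read `options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE`, which is the order the 1.23.2.4 column uses. Separately, the two BN_copy() calls just above it ignore their return values, so a failed copy would hand a partly filled client_key to the lookup; checking each result against NULL and returning 0 after key_free(client_key) would close that.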
