
Diff for /src/usr.bin/ssh/Attic/auth-rh-rsa.c between version 1.25 and 1.25.2.3

version 1.25, 2001/06/23 03:04:42 version 1.25.2.3, 2002/05/17 00:03:23
Line 16 
Line 16 
 RCSID("$OpenBSD$");  RCSID("$OpenBSD$");
   
 #include "packet.h"  #include "packet.h"
 #include "xmalloc.h"  
 #include "uidswap.h"  #include "uidswap.h"
 #include "log.h"  #include "log.h"
 #include "servconf.h"  #include "servconf.h"
Line 24 
Line 23 
 #include "hostfile.h"  #include "hostfile.h"
 #include "pathnames.h"  #include "pathnames.h"
 #include "auth.h"  #include "auth.h"
 #include "tildexpand.h"  
 #include "canohost.h"  #include "canohost.h"
   
 /*  #include "monitor_wrap.h"
  * Tries to authenticate the user using the .rhosts file and the host using  
  * its host key.  Returns true if authentication succeeds.  
  */  
   
   /* import */
   extern ServerOptions options;
   
 int  int
 auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)  auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
       Key *client_host_key)
 {  {
         extern ServerOptions options;  
         const char *canonical_hostname;  
         HostStatus host_status;          HostStatus host_status;
         Key *client_key;  
   
         debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);  
   
         if (pw == NULL || client_host_key == NULL)  
                 return 0;  
   
         /* Check if we would accept it using rhosts authentication. */          /* Check if we would accept it using rhosts authentication. */
         if (!auth_rhosts(pw, client_user))          if (!auth_rhosts(pw, cuser))
                 return 0;                  return 0;
   
         canonical_hostname = get_canonical_hostname(          host_status = check_key_in_hostfiles(pw, client_host_key,
             options.reverse_mapping_check);              chost, _PATH_SSH_SYSTEM_HOSTFILE,
               options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
   
         debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);          return (host_status == HOST_OK);
   }
   
         /* wrap the RSA key into a 'generic' key */  /*
         client_key = key_new(KEY_RSA1);   * Tries to authenticate the user using the .rhosts file and the host using
         BN_copy(client_key->rsa->e, client_host_key->e);   * its host key.  Returns true if authentication succeeds.
         BN_copy(client_key->rsa->n, client_host_key->n);   */
   int
   auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
   {
           char *chost;
   
         host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,          debug("Trying rhosts with RSA host authentication for client user %.100s",
             _PATH_SSH_SYSTEM_HOSTFILE,              cuser);
             options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);  
   
         key_free(client_key);          if (pw == NULL || client_host_key == NULL ||
               client_host_key->rsa == NULL)
                   return 0;
   
         if (host_status != HOST_OK) {          chost = (char *)get_canonical_hostname(options.verify_reverse_mapping);
           debug("Rhosts RSA authentication: canonical host %.900s", chost);
   
           if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
                 debug("Rhosts with RSA host authentication denied: unknown or invalid host key");                  debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
                 packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");                  packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
                 return 0;                  return 0;
Line 75 
Line 76 
         /* Perform the challenge-response dialog with the client for the host key. */          /* Perform the challenge-response dialog with the client for the host key. */
         if (!auth_rsa_challenge_dialog(client_host_key)) {          if (!auth_rsa_challenge_dialog(client_host_key)) {
                 log("Client on %.800s failed to respond correctly to host authentication.",                  log("Client on %.800s failed to respond correctly to host authentication.",
                     canonical_hostname);                      chost);
                 return 0;                  return 0;
         }          }
         /*          /*
Line 84 
Line 85 
          */           */
   
         verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",          verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
            pw->pw_name, client_user, canonical_hostname);             pw->pw_name, cuser, chost);
         packet_send_debug("Rhosts with RSA host authentication accepted.");          packet_send_debug("Rhosts with RSA host authentication accepted.");
         return 1;          return 1;
 }  }
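Review bot: The new auth_rhosts_rsa_key_allowed() makes the authorization decision but validates none of its arguments; the NULL checks on pw and client_host_key exist only in its caller, auth_rhosts_rsa(). The call is wrapped in PRIVSEP() and monitor_wrap.h is now included, so the helper can presumably also be reached from the privileged side on behalf of the unprivileged child. It should therefore fail closed on its own with `if (pw == NULL || cuser == NULL || chost == NULL || client_host_key == NULL) return 0;` at the top. It also lacks a header comment; `/* Returns 1 only if .rhosts permits cuser and client_host_key is HOST_OK for chost in the host files; does not run the challenge-response. */` would state the contract. Separately, `chost = (char *)get_canonical_hostname(...)` apparently casts away const (the old code kept a `const char *`), and declaring cuser and chost as `const char *` in both functions would remove the need for the cast.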
