Annotation of src/usr.bin/ssh/auth-rh-rsa.c, Revision 1.1
1.1 ! provos 1: /*
! 2:
! 3: auth-rh-rsa.c
! 4:
! 5: Author: Tatu Ylonen <ylo@cs.hut.fi>
! 6:
! 7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
! 8: All rights reserved
! 9:
! 10: Created: Sun May 7 03:08:06 1995 ylo
! 11:
! 12: Rhosts or /etc/hosts.equiv authentication combined with RSA host
! 13: authentication.
! 14:
! 15: */
! 16:
! 17: #include "includes.h"
! 18: RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/05/04 11:58:23 bg Exp $");
! 19:
! 20: #include "packet.h"
! 21: #include "ssh.h"
! 22: #include "xmalloc.h"
! 23: #include "uidswap.h"
! 24:
/* Rhosts-RSA authentication.  The login is accepted only when all three
   steps below succeed, in this order:
     1. auth_rhosts() accepts client_user for the account in pw
        (.rhosts and .shosts will be ignored if ignore_rhosts is non-zero;
        strict_modes is only forwarded to auth_rhosts() here);
     2. the offered host key (bits, e, n) is listed for the client's
        canonical host name in the system-wide host file;
     3. the client answers the RSA challenge for that key.
   Returns 1 if authentication succeeds and 0 otherwise; every step
   returns 0 as soon as it fails, so later steps never run for a client
   that already failed an earlier one.

   NOTE(review): pw is dereferenced for the final log line and
   client_user is formatted into debug/log output; this function adds no
   NULL checks of its own, so callers are presumably expected to pass
   valid pointers -- confirm against the call site. */

int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
                    unsigned int client_host_key_bits,
                    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
                    int ignore_rhosts, int strict_modes)
{
  const char *remote_host;
  int rhosts_ok;
  int key_known;
  int challenge_ok;

  debug("Trying rhosts with RSA host authentication for %.100s", client_user);

  /* Step 1: plain rhosts policy.  A refusal is decided entirely inside
     auth_rhosts(); nothing further is logged at this level. */
  rhosts_ok = auth_rhosts(pw, client_user, ignore_rhosts, strict_modes);
  if (!rhosts_ok)
    return 0;

  /* The host name used for the key lookup and for every log line below.
     NOTE(review): how this name is derived is not visible here; if it
     comes from a name-service lookup of the peer address, the host-key
     challenge below is what actually binds the client to it -- confirm
     in get_canonical_hostname(). */
  remote_host = get_canonical_hostname();

  debug("Rhosts RSA authentication: canonical host %.900s", remote_host);

  /* Step 2: the key must already be known for this host.  Only the
     system-wide host file is consulted, and any result other than
     HOST_OK is treated as a refusal. */
  key_known = (check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, remote_host,
                                      client_host_key_bits,
                                      client_host_key_e,
                                      client_host_key_n) == HOST_OK);
  if (!key_known)
    {
      /* Recorded with debug() only, unlike the challenge failure below,
         which goes through log(). */
      debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
      packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
      return 0;
    }

  /* Step 3: challenge-response dialog with the client for the host key
     that was just matched. */
  challenge_ok = auth_rsa_challenge_dialog(client_host_key_bits,
                                           client_host_key_e,
                                           client_host_key_n);
  if (!challenge_ok)
    {
      log("Client on %.800s failed to respond correctly to host authentication.",
          remote_host);
      return 0;
    }

  /* The user passed the .rhosts or /etc/hosts.equiv check and the host
     passed the RSA check, so the authentication is accepted.  The
     precision limits in the format bound how much of each logged string
     is written. */
  log("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
      pw->pw_name, client_user, remote_host);
  packet_send_debug("Rhosts with RSA host authentication accepted.");
  return 1;
}