Annotation of src/usr.bin/ssh/auth-rh-rsa.c, Revision 1.2
1.1 provos 1: /*
2:
3: auth-rh-rsa.c
4:
5: Author: Tatu Ylonen <ylo@cs.hut.fi>
6:
7: Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: All rights reserved
9:
10: Created: Sun May 7 03:08:06 1995 ylo
11:
12: Rhosts or /etc/hosts.equiv authentication combined with RSA host
13: authentication.
14:
15: */
16:
17: #include "includes.h"
1.2 ! provos 18: RCSID("$Id: auth-rh-rsa.c,v 1.1 1999/09/28 04:45:35 provos Exp $");
1.1 provos 19:
20: #include "packet.h"
21: #include "ssh.h"
22: #include "xmalloc.h"
23: #include "uidswap.h"
24:
25: /* Tries to authenticate the user using the .rhosts file and the host using
26: its host key. Returns true if authentication succeeds.
27: .rhosts and .shosts will be ignored if ignore_rhosts is non-zero. */
28:
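/*
 * Return contract: 1 is returned only when all three checks below pass, in
 * this order; every other path returns 0 (fail closed):
 *   1. auth_rhosts() accepts client_user for pw (ignore_rhosts and
 *      strict_modes are passed through unchanged);
 *   2. check_host_in_hostfile() reports HOST_OK for the canonical host name
 *      and the client-supplied host key (bits, e, n) in SSH_SYSTEM_HOSTFILE;
 *   3. auth_rsa_challenge_dialog() succeeds for that same key.
 * Failure to allocate the scratch BIGNUMs is treated as a denial.
 */
int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
                    unsigned int client_host_key_bits,
                    BIGNUM *client_host_key_e, BIGNUM *client_host_key_n,
                    int ignore_rhosts, int strict_modes)
{
  const char *canonical_hostname;
  HostStatus host_status;
  BIGNUM *ke, *kn;

  debug("Trying rhosts with RSA host authentication for %.100s", client_user);

  /* Check if we would accept it using rhosts authentication. */
  if (!auth_rhosts(pw, client_user, ignore_rhosts, strict_modes))
    return 0;

  /* The host name used for the key lookup and in the log lines below comes
     from get_canonical_hostname(), not from a function argument.
     NOTE(review): how that name is derived (and whether it is verified) is
     not visible here; the hostfile lookup is only as trustworthy as it is. */
  canonical_hostname = get_canonical_hostname();

  debug("Rhosts RSA authentication: canonical host %.900s",
        canonical_hostname);

  /* Check if we know the host and its host key. */
  /* Check system-wide host file. */
  ke = BN_new();
  kn = BN_new();
  if (!ke || !kn)
    {
      /* Allocation failed: deny instead of handing a null BIGNUM to
         check_host_in_hostfile().  The frees are guarded because this file
         does not show whether BN_free() tolerates a null pointer. */
      if (ke)
        BN_free(ke);
      if (kn)
        BN_free(kn);
      debug("Rhosts with RSA host authentication denied: out of memory");
      return 0;
    }

  /* ke and kn are output arguments of the lookup (presumably the key stored
     in the file); only the returned status is used, so they are released
     immediately afterwards. */
  host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
                                       client_host_key_bits, client_host_key_e,
                                       client_host_key_n, ke, kn);
  BN_free(ke);
  BN_free(kn);
  if (host_status != HOST_OK)
    {
      /* Anything other than HOST_OK is a denial; the debug text treats the
         remaining statuses as "unknown or invalid" without distinguishing
         them. */
      debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
      packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
      return 0;
    }

  /* A matching host key was found and is known. */

  /* Perform the challenge-response dialog with the client for the host key.
     Presumably this is what shows the client holds the private half of the
     key that was just looked up; a failure is logged with log(), not only
     debug(). */
  if (!auth_rsa_challenge_dialog(client_host_key_bits,
                                 client_host_key_e, client_host_key_n))
    {
      log("Client on %.800s failed to respond correctly to host authentication.",
          canonical_hostname);
      return 0;
    }

  /* We have authenticated the user using .rhosts or /etc/hosts.equiv, and
     the host using RSA.  We accept the authentication. */

  /* The precision limits (%.100s, %.700s) bound how much of each string
     reaches the log line. */
  log("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
      pw->pw_name, client_user, canonical_hostname);
  packet_send_debug("Rhosts with RSA host authentication accepted.");
  return 1;
}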