| version 1.13, 1999/11/24 00:26:00 |
version 1.14, 1999/11/24 19:53:44 |
|
|
| extern char *forced_command; |
extern char *forced_command; |
| extern struct envstring *custom_environment; |
extern struct envstring *custom_environment; |
| |
|
| /* Session identifier that is used to bind key exchange and authentication |
/* |
| responses to a particular session. */ |
* Session identifier that is used to bind key exchange and authentication |
| |
* responses to a particular session. |
| |
*/ |
| extern unsigned char session_id[16]; |
extern unsigned char session_id[16]; |
| |
|
| /* The .ssh/authorized_keys file contains public keys, one per line, in the |
/* |
| following format: |
* The .ssh/authorized_keys file contains public keys, one per line, in the |
| options bits e n comment |
* following format: |
| where bits, e and n are decimal numbers, |
* options bits e n comment |
| and comment is any string of characters up to newline. The maximum |
* where bits, e and n are decimal numbers, |
| length of a line is 8000 characters. See the documentation for a |
* and comment is any string of characters up to newline. The maximum |
| description of the options. |
* length of a line is 8000 characters. See the documentation for a |
| */ |
* description of the options. |
| |
*/ |
| |
|
| /* Performs the RSA authentication challenge-response dialog with the client, |
/* |
| and returns true (non-zero) if the client gave the correct answer to |
* Performs the RSA authentication challenge-response dialog with the client, |
| our challenge; returns zero if the client gives a wrong answer. */ |
* and returns true (non-zero) if the client gave the correct answer to |
| |
* our challenge; returns zero if the client gives a wrong answer. |
| |
*/ |
| |
|
| int |
int |
| auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) |
auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) |
|
|
| return 1; |
return 1; |
| } |
} |
| |
|
| /* Performs the RSA authentication dialog with the client. This returns |
/* |
| 0 if the client could not be authenticated, and 1 if authentication was |
* Performs the RSA authentication dialog with the client. This returns |
| successful. This may exit if there is a serious protocol violation. */ |
* 0 if the client could not be authenticated, and 1 if authentication was |
| |
* successful. This may exit if there is a serious protocol violation. |
| |
*/ |
| |
|
| int |
int |
| auth_rsa(struct passwd *pw, BIGNUM *client_n) |
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
|
|
| /* Flag indicating whether authentication has succeeded. */ |
/* Flag indicating whether authentication has succeeded. */ |
| authenticated = 0; |
authenticated = 0; |
| |
|
| /* Initialize mp-int variables. */ |
|
| e = BN_new(); |
e = BN_new(); |
| n = BN_new(); |
n = BN_new(); |
| |
|
| /* Go though the accepted keys, looking for the current key. If |
/* |
| found, perform a challenge-response dialog to verify that the |
* Go though the accepted keys, looking for the current key. If |
| user really has the corresponding private key. */ |
* found, perform a challenge-response dialog to verify that the |
| |
* user really has the corresponding private key. |
| |
*/ |
| while (fgets(line, sizeof(line), f)) { |
while (fgets(line, sizeof(line), f)) { |
| char *cp; |
char *cp; |
| char *options; |
char *options; |
| |
|
| linenum++; |
linenum++; |
| |
|
| /* Skip leading whitespace. */ |
/* Skip leading whitespace, empty and comment lines. */ |
| for (cp = line; *cp == ' ' || *cp == '\t'; cp++); |
for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
| |
; |
| /* Skip empty and comment lines. */ |
|
| if (!*cp || *cp == '\n' || *cp == '#') |
if (!*cp || *cp == '\n' || *cp == '#') |
| continue; |
continue; |
| |
|
| /* Check if there are options for this key, and if so, |
/* |
| save their starting address and skip the option part |
* Check if there are options for this key, and if so, |
| for now. If there are no options, set the starting |
* save their starting address and skip the option part |
| address to NULL. */ |
* for now. If there are no options, set the starting |
| |
* address to NULL. |
| |
*/ |
| if (*cp < '0' || *cp > '9') { |
if (*cp < '0' || *cp > '9') { |
| int quoted = 0; |
int quoted = 0; |
| options = cp; |
options = cp; |
|
|
| |
|
| /* Check if the we have found the desired key (identified by its modulus). */ |
/* Check if the we have found the desired key (identified by its modulus). */ |
| if (BN_cmp(n, client_n) != 0) |
if (BN_cmp(n, client_n) != 0) |
| continue; /* Wrong key. */ |
continue; |
| |
|
| /* We have found the desired key. */ |
/* We have found the desired key. */ |
| |
|
|
|
| packet_send_debug("Wrong response to RSA authentication challenge."); |
packet_send_debug("Wrong response to RSA authentication challenge."); |
| continue; |
continue; |
| } |
} |
| /* Correct response. The client has been successfully |
/* |
| authenticated. Note that we have not yet processed the |
* Correct response. The client has been successfully |
| options; this will be reset if the options cause the |
* authenticated. Note that we have not yet processed the |
| authentication to be rejected. */ |
* options; this will be reset if the options cause the |
| |
* authentication to be rejected. |
| |
*/ |
| authenticated = 1; |
authenticated = 1; |
| |
|
| /* RSA part of authentication was accepted. Now process the options. */ |
/* RSA part of authentication was accepted. Now process the options. */ |
|
|
| goto next_option; |
goto next_option; |
| } |
} |
| bad_option: |
bad_option: |
| /* Unknown option. */ |
|
| log("Bad options in %.100s file, line %lu: %.50s", |
log("Bad options in %.100s file, line %lu: %.50s", |
| SSH_USER_PERMITTED_KEYS, linenum, options); |
SSH_USER_PERMITTED_KEYS, linenum, options); |
| packet_send_debug("Bad options in %.100s file, line %lu: %.50s", |
packet_send_debug("Bad options in %.100s file, line %lu: %.50s", |
|
|
| break; |
break; |
| |
|
| next_option: |
next_option: |
| /* Skip the comma, and move to the next option |
/* |
| (or break out if there are no more). */ |
* Skip the comma, and move to the next option |
| |
* (or break out if there are no more). |
| |
*/ |
| if (!*options) |
if (!*options) |
| fatal("Bugs in auth-rsa.c option processing."); |
fatal("Bugs in auth-rsa.c option processing."); |
| if (*options == ' ' || *options == '\t') |
if (*options == ' ' || *options == '\t') |
| break; /* End of options. */ |
break; /* End of options. */ |
| if (*options != ',') |
if (*options != ',') |
| goto bad_option; |
goto bad_option; |
| options++; |
options++; |
|
|
| continue; |
continue; |
| } |
} |
| } |
} |
| /* Break out of the loop if authentication was successful; |
/* |
| otherwise continue searching. */ |
* Break out of the loop if authentication was successful; |
| |
* otherwise continue searching. |
| |
*/ |
| if (authenticated) |
if (authenticated) |
| break; |
break; |
| } |
} |
|
|
| /* Close the file. */ |
/* Close the file. */ |
| fclose(f); |
fclose(f); |
| |
|
| /* Clear any mp-int variables. */ |
|
| BN_clear_free(n); |
BN_clear_free(n); |
| BN_clear_free(e); |
BN_clear_free(e); |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-rsa.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh