| version 1.40.2.3, 2002/06/02 22:56:09 |
version 1.41, 2001/05/20 17:20:35 |
|
|
| #include "log.h" |
#include "log.h" |
| #include "servconf.h" |
#include "servconf.h" |
| #include "auth.h" |
#include "auth.h" |
| #include "hostfile.h" |
|
| #include "monitor_wrap.h" |
|
| #include "ssh.h" |
|
| |
|
| /* import */ |
/* import */ |
| extern ServerOptions options; |
extern ServerOptions options; |
|
|
| * description of the options. |
* description of the options. |
| */ |
*/ |
| |
|
| BIGNUM * |
|
| auth_rsa_generate_challenge(Key *key) |
|
| { |
|
| BIGNUM *challenge; |
|
| BN_CTX *ctx; |
|
| |
|
| if ((challenge = BN_new()) == NULL) |
|
| fatal("auth_rsa_generate_challenge: BN_new() failed"); |
|
| /* Generate a random challenge. */ |
|
| BN_rand(challenge, 256, 0, 0); |
|
| if ((ctx = BN_CTX_new()) == NULL) |
|
| fatal("auth_rsa_generate_challenge: BN_CTX_new() failed"); |
|
| BN_mod(challenge, challenge, key->rsa->n, ctx); |
|
| BN_CTX_free(ctx); |
|
| |
|
| return challenge; |
|
| } |
|
| |
|
| int |
|
| auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) |
|
| { |
|
| u_char buf[32], mdbuf[16]; |
|
| MD5_CTX md; |
|
| int len; |
|
| |
|
| /* don't allow short keys */ |
|
| if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
|
| error("auth_rsa_verify_response: n too small: %d bits", |
|
| BN_num_bits(key->rsa->n)); |
|
| return (0); |
|
| } |
|
| |
|
| /* The response is MD5 of decrypted challenge plus session id. */ |
|
| len = BN_num_bytes(challenge); |
|
| if (len <= 0 || len > 32) |
|
| fatal("auth_rsa_verify_response: bad challenge length %d", len); |
|
| memset(buf, 0, 32); |
|
| BN_bn2bin(challenge, buf + 32 - len); |
|
| MD5_Init(&md); |
|
| MD5_Update(&md, buf, 32); |
|
| MD5_Update(&md, session_id, 16); |
|
| MD5_Final(mdbuf, &md); |
|
| |
|
| /* Verify that the response is the original challenge. */ |
|
| if (memcmp(response, mdbuf, 16) != 0) { |
|
| /* Wrong answer. */ |
|
| return (0); |
|
| } |
|
| /* Correct answer. */ |
|
| return (1); |
|
| } |
|
| |
|
| /* |
/* |
| * Performs the RSA authentication challenge-response dialog with the client, |
* Performs the RSA authentication challenge-response dialog with the client, |
| * and returns true (non-zero) if the client gave the correct answer to |
* and returns true (non-zero) if the client gave the correct answer to |
|
|
| */ |
*/ |
| |
|
| int |
int |
| auth_rsa_challenge_dialog(Key *key) |
auth_rsa_challenge_dialog(RSA *pk) |
| { |
{ |
| BIGNUM *challenge, *encrypted_challenge; |
BIGNUM *challenge, *encrypted_challenge; |
| u_char response[16]; |
BN_CTX *ctx; |
| int i, success; |
u_char buf[32], mdbuf[16], response[16]; |
| |
MD5_CTX md; |
| |
u_int i; |
| |
int plen, len; |
| |
|
| if ((encrypted_challenge = BN_new()) == NULL) |
encrypted_challenge = BN_new(); |
| fatal("auth_rsa_challenge_dialog: BN_new() failed"); |
challenge = BN_new(); |
| |
|
| challenge = PRIVSEP(auth_rsa_generate_challenge(key)); |
/* Generate a random challenge. */ |
| |
BN_rand(challenge, 256, 0, 0); |
| |
ctx = BN_CTX_new(); |
| |
BN_mod(challenge, challenge, pk->n, ctx); |
| |
BN_CTX_free(ctx); |
| |
|
| /* Encrypt the challenge with the public key. */ |
/* Encrypt the challenge with the public key. */ |
| rsa_public_encrypt(encrypted_challenge, challenge, key->rsa); |
rsa_public_encrypt(encrypted_challenge, challenge, pk); |
| |
|
| /* Send the encrypted challenge to the client. */ |
/* Send the encrypted challenge to the client. */ |
| packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
|
|
| packet_write_wait(); |
packet_write_wait(); |
| |
|
| /* Wait for a response. */ |
/* Wait for a response. */ |
| packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE); |
packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); |
| |
packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE); |
| for (i = 0; i < 16; i++) |
for (i = 0; i < 16; i++) |
| response[i] = packet_get_char(); |
response[i] = packet_get_char(); |
| packet_check_eom(); |
|
| |
|
| success = PRIVSEP(auth_rsa_verify_response(key, challenge, response)); |
/* The response is MD5 of decrypted challenge plus session id. */ |
| |
len = BN_num_bytes(challenge); |
| |
if (len <= 0 || len > 32) |
| |
fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); |
| |
memset(buf, 0, 32); |
| |
BN_bn2bin(challenge, buf + 32 - len); |
| |
MD5_Init(&md); |
| |
MD5_Update(&md, buf, 32); |
| |
MD5_Update(&md, session_id, 16); |
| |
MD5_Final(mdbuf, &md); |
| BN_clear_free(challenge); |
BN_clear_free(challenge); |
| return (success); |
|
| |
/* Verify that the response is the original challenge. */ |
| |
if (memcmp(response, mdbuf, 16) != 0) { |
| |
/* Wrong answer. */ |
| |
return 0; |
| |
} |
| |
/* Correct answer. */ |
| |
return 1; |
| } |
} |
| |
|
| /* |
/* |
| * check if there's user key matching client_n, |
* Performs the RSA authentication dialog with the client. This returns |
| * return key if login is allowed, NULL otherwise |
* 0 if the client could not be authenticated, and 1 if authentication was |
| |
* successful. This may exit if there is a serious protocol violation. |
| */ |
*/ |
| |
|
| int |
int |
| auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) |
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
| { |
{ |
| char line[8192], *file; |
char line[8192], *file; |
| int allowed = 0; |
int authenticated; |
| u_int bits; |
u_int bits; |
| FILE *f; |
FILE *f; |
| u_long linenum = 0; |
u_long linenum = 0; |
| struct stat st; |
struct stat st; |
| Key *key; |
RSA *pk; |
| |
|
| |
/* no user given */ |
| |
if (pw == NULL) |
| |
return 0; |
| |
|
| /* Temporarily use the user's uid. */ |
/* Temporarily use the user's uid. */ |
| temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
| |
|
|
|
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| xfree(file); |
xfree(file); |
| return (0); |
return 0; |
| } |
} |
| /* Open the file containing the authorized keys. */ |
/* Open the file containing the authorized keys. */ |
| f = fopen(file, "r"); |
f = fopen(file, "r"); |
| if (!f) { |
if (!f) { |
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| |
packet_send_debug("Could not open %.900s for reading.", file); |
| |
packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
| xfree(file); |
xfree(file); |
| return (0); |
return 0; |
| } |
} |
| if (options.strict_modes && |
if (options.strict_modes && |
| secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
secure_filename(f, file, pw->pw_uid, line, sizeof(line)) != 0) { |
| xfree(file); |
xfree(file); |
| fclose(f); |
fclose(f); |
| log("Authentication refused: %s", line); |
log("Authentication refused: %s", line); |
| |
packet_send_debug("Authentication refused: %s", line); |
| restore_uid(); |
restore_uid(); |
| return (0); |
return 0; |
| } |
} |
| |
/* Flag indicating whether authentication has succeeded. */ |
| |
authenticated = 0; |
| |
|
| /* Flag indicating whether the key is allowed. */ |
pk = RSA_new(); |
| allowed = 0; |
pk->e = BN_new(); |
| |
pk->n = BN_new(); |
| |
|
| key = key_new(KEY_RSA1); |
|
| |
|
| /* |
/* |
| * Go though the accepted keys, looking for the current key. If |
* Go though the accepted keys, looking for the current key. If |
| * found, perform a challenge-response dialog to verify that the |
* found, perform a challenge-response dialog to verify that the |
|
|
| options = NULL; |
options = NULL; |
| |
|
| /* Parse the key from the line. */ |
/* Parse the key from the line. */ |
| if (hostfile_read_key(&cp, &bits, key) == 0) { |
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { |
| debug("%.100s, line %lu: non ssh1 key syntax", |
debug("%.100s, line %lu: bad key syntax", |
| file, linenum); |
file, linenum); |
| |
packet_send_debug("%.100s, line %lu: bad key syntax", |
| |
file, linenum); |
| continue; |
continue; |
| } |
} |
| /* cp now points to the comment part. */ |
/* cp now points to the comment part. */ |
| |
|
| /* Check if the we have found the desired key (identified by its modulus). */ |
/* Check if the we have found the desired key (identified by its modulus). */ |
| if (BN_cmp(key->rsa->n, client_n) != 0) |
if (BN_cmp(pk->n, client_n) != 0) |
| continue; |
continue; |
| |
|
| /* check the real bits */ |
/* check the real bits */ |
| if (bits != BN_num_bits(key->rsa->n)) |
if (bits != BN_num_bits(pk->n)) |
| log("Warning: %s, line %lu: keysize mismatch: " |
log("Warning: %s, line %ld: keysize mismatch: " |
| "actual %d vs. announced %d.", |
"actual %d vs. announced %d.", |
| file, linenum, BN_num_bits(key->rsa->n), bits); |
file, linenum, BN_num_bits(pk->n), bits); |
| |
|
| /* We have found the desired key. */ |
/* We have found the desired key. */ |
| /* |
/* |
|
|
| if (!auth_parse_options(pw, options, file, linenum)) |
if (!auth_parse_options(pw, options, file, linenum)) |
| continue; |
continue; |
| |
|
| /* break out, this key is allowed */ |
/* Perform the challenge-response dialog for this key. */ |
| allowed = 1; |
if (!auth_rsa_challenge_dialog(pk)) { |
| |
/* Wrong response. */ |
| |
verbose("Wrong response to RSA authentication challenge."); |
| |
packet_send_debug("Wrong response to RSA authentication challenge."); |
| |
continue; |
| |
} |
| |
/* |
| |
* Correct response. The client has been successfully |
| |
* authenticated. Note that we have not yet processed the |
| |
* options; this will be reset if the options cause the |
| |
* authentication to be rejected. |
| |
* Break out of the loop if authentication was successful; |
| |
* otherwise continue searching. |
| |
*/ |
| |
authenticated = 1; |
| break; |
break; |
| } |
} |
| |
|
|
|
| xfree(file); |
xfree(file); |
| fclose(f); |
fclose(f); |
| |
|
| /* return key if allowed */ |
RSA_free(pk); |
| if (allowed && rkey != NULL) |
|
| *rkey = key; |
|
| else |
|
| key_free(key); |
|
| return (allowed); |
|
| } |
|
| |
|
| /* |
if (authenticated) |
| * Performs the RSA authentication dialog with the client. This returns |
packet_send_debug("RSA authentication accepted."); |
| * 0 if the client could not be authenticated, and 1 if authentication was |
else |
| * successful. This may exit if there is a serious protocol violation. |
|
| */ |
|
| int |
|
| auth_rsa(struct passwd *pw, BIGNUM *client_n) |
|
| { |
|
| Key *key; |
|
| char *fp; |
|
| |
|
| /* no user given */ |
|
| if (pw == NULL) |
|
| return 0; |
|
| |
|
| if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { |
|
| auth_clear_options(); |
auth_clear_options(); |
| return (0); |
|
| } |
|
| |
|
| /* Perform the challenge-response dialog for this key. */ |
/* Return authentication result. */ |
| if (!auth_rsa_challenge_dialog(key)) { |
return authenticated; |
| /* Wrong response. */ |
|
| verbose("Wrong response to RSA authentication challenge."); |
|
| packet_send_debug("Wrong response to RSA authentication challenge."); |
|
| /* |
|
| * Break out of the loop. Otherwise we might send |
|
| * another challenge and break the protocol. |
|
| */ |
|
| key_free(key); |
|
| return (0); |
|
| } |
|
| /* |
|
| * Correct response. The client has been successfully |
|
| * authenticated. Note that we have not yet processed the |
|
| * options; this will be reset if the options cause the |
|
| * authentication to be rejected. |
|
| */ |
|
| fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
|
| verbose("Found matching %s key: %s", |
|
| key_type(key), fp); |
|
| xfree(fp); |
|
| key_free(key); |
|
| |
|
| packet_send_debug("RSA authentication accepted."); |
|
| return (1); |
|
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-rsa.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh