| version 1.79, 2010/12/03 23:55:27 |
version 1.80, 2011/05/23 03:30:07 |
|
|
| return (success); |
return (success); |
| } |
} |
| |
|
| /* |
static int |
| * check if there's user key matching client_n, |
rsa_key_allowed_in_file(struct passwd *pw, char *file, |
| * return key if login is allowed, NULL otherwise |
const BIGNUM *client_n, Key **rkey) |
| */ |
|
| |
|
| int |
|
| auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) |
|
| { |
{ |
| char line[SSH_MAX_PUBKEY_BYTES], *file; |
char line[SSH_MAX_PUBKEY_BYTES]; |
| int allowed = 0; |
int allowed = 0; |
| u_int bits; |
u_int bits; |
| FILE *f; |
FILE *f; |
| u_long linenum = 0; |
u_long linenum = 0; |
| Key *key; |
Key *key; |
| |
|
| /* Temporarily use the user's uid. */ |
|
| temporarily_use_uid(pw); |
|
| |
|
| /* The authorized keys. */ |
|
| file = authorized_keys_file(pw); |
|
| debug("trying public RSA key file %s", file); |
debug("trying public RSA key file %s", file); |
| f = auth_openkeyfile(file, pw, options.strict_modes); |
if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) |
| if (!f) { |
return 0; |
| xfree(file); |
|
| restore_uid(); |
|
| return (0); |
|
| } |
|
| |
|
| /* Flag indicating whether the key is allowed. */ |
|
| allowed = 0; |
|
| |
|
| key = key_new(KEY_RSA1); |
|
| |
|
| /* |
/* |
| * Go though the accepted keys, looking for the current key. If |
* Go though the accepted keys, looking for the current key. If |
| * found, perform a challenge-response dialog to verify that the |
* found, perform a challenge-response dialog to verify that the |
| * user really has the corresponding private key. |
* user really has the corresponding private key. |
| */ |
*/ |
| |
key = key_new(KEY_RSA1); |
| while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
| char *cp; |
char *cp; |
| char *key_options; |
char *key_options; |
|
|
| } |
} |
| /* cp now points to the comment part. */ |
/* cp now points to the comment part. */ |
| |
|
| /* Check if the we have found the desired key (identified by its modulus). */ |
/* |
| |
* Check if the we have found the desired key (identified |
| |
* by its modulus). |
| |
*/ |
| if (BN_cmp(key->rsa->n, client_n) != 0) |
if (BN_cmp(key->rsa->n, client_n) != 0) |
| continue; |
continue; |
| |
|
|
|
| break; |
break; |
| } |
} |
| |
|
| /* Restore the privileged uid. */ |
|
| restore_uid(); |
|
| |
|
| /* Close the file. */ |
/* Close the file. */ |
| xfree(file); |
|
| fclose(f); |
fclose(f); |
| |
|
| /* return key if allowed */ |
/* return key if allowed */ |
|
|
| *rkey = key; |
*rkey = key; |
| else |
else |
| key_free(key); |
key_free(key); |
| return (allowed); |
|
| |
return allowed; |
| |
} |
| |
|
| |
/* |
| |
* check if there's user key matching client_n, |
| |
* return key if login is allowed, NULL otherwise |
| |
*/ |
| |
|
| |
int |
| |
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) |
| |
{ |
| |
char *file; |
| |
u_int i, allowed = 0; |
| |
|
| |
temporarily_use_uid(pw); |
| |
|
| |
for (i = 0; !allowed && i < options.num_authkeys_files; i++) { |
| |
file = expand_authorized_keys( |
| |
options.authorized_keys_files[i], pw); |
| |
allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); |
| |
xfree(file); |
| |
} |
| |
|
| |
restore_uid(); |
| |
|
| |
return allowed; |
| } |
} |
| |
|
| /* |
/* |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-rsa.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh