version 1.8, 1999/11/11 23:36:52 |
version 1.9, 1999/11/15 20:53:24 |
|
|
our challenge; returns zero if the client gives a wrong answer. */ |
our challenge; returns zero if the client gives a wrong answer. */ |
|
|
int |
int |
auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n) |
auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) |
{ |
{ |
BIGNUM *challenge, *encrypted_challenge, *aux; |
BIGNUM *challenge, *encrypted_challenge, *aux; |
RSA *pk; |
RSA *pk; |
|
|
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
{ |
{ |
extern ServerOptions options; |
extern ServerOptions options; |
char line[8192]; |
char line[8192], file[1024]; |
int authenticated; |
int authenticated; |
unsigned int bits; |
unsigned int bits; |
FILE *f; |
FILE *f; |
|
|
temporarily_use_uid(pw->pw_uid); |
temporarily_use_uid(pw->pw_uid); |
|
|
/* The authorized keys. */ |
/* The authorized keys. */ |
snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, |
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, |
SSH_USER_PERMITTED_KEYS); |
SSH_USER_PERMITTED_KEYS); |
|
|
/* Fail quietly if file does not exist */ |
/* Fail quietly if file does not exist */ |
if (stat(line, &st) < 0) |
if (stat(file, &st) < 0) |
{ |
{ |
/* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
restore_uid(); |
restore_uid(); |
|
|
} |
} |
|
|
/* Open the file containing the authorized keys. */ |
/* Open the file containing the authorized keys. */ |
f = fopen(line, "r"); |
f = fopen(file, "r"); |
if (!f) |
if (!f) |
{ |
{ |
/* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
restore_uid(); |
restore_uid(); |
packet_send_debug("Could not open %.900s for reading.", line); |
packet_send_debug("Could not open %.900s for reading.", file); |
packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
return 0; |
return 0; |
} |
} |
|
|
(st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
(st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
(st.st_mode & 022) != 0) { |
(st.st_mode & 022) != 0) { |
snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " |
snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " |
"bad ownership or modes for '%s'.", pw->pw_name, line); |
"bad ownership or modes for '%s'.", pw->pw_name, file); |
fail=1; |
fail=1; |
}else{ |
}else{ |
/* Check path to SSH_USER_PERMITTED_KEYS */ |
/* Check path to SSH_USER_PERMITTED_KEYS */ |
|
|
} |
} |
/* cp now points to the comment part. */ |
/* cp now points to the comment part. */ |
|
|
|
/* check the real bits */ |
|
if (bits != BN_num_bits(n)) |
|
error("Warning: error in %s, line %d: keysize mismatch: " |
|
"actual size %d vs. announced %d.", |
|
file, linenum, BN_num_bits(n), bits); |
|
|
/* Check if the we have found the desired key (identified by its |
/* Check if the we have found the desired key (identified by its |
modulus). */ |
modulus). */ |
if (BN_cmp(n, client_n) != 0) |
if (BN_cmp(n, client_n) != 0) |
|
|
/* We have found the desired key. */ |
/* We have found the desired key. */ |
|
|
/* Perform the challenge-response dialog for this key. */ |
/* Perform the challenge-response dialog for this key. */ |
if (!auth_rsa_challenge_dialog(bits, e, n)) |
if (!auth_rsa_challenge_dialog(e, n)) |
{ |
{ |
/* Wrong response. */ |
/* Wrong response. */ |
log("Wrong response to RSA authentication challenge."); |
log("Wrong response to RSA authentication challenge."); |
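Review bot: In the key-size check added to auth_rsa, `bits` is declared `unsigned int` but is compared with the `int` returned by `BN_num_bits(n)` and printed with `%d`. The format should match the type, e.g. `"actual size %d vs. announced %u.",`. The check only logs and the key still proceeds to the challenge, which looks intentional now that auth_rsa_challenge_dialog no longer takes `bits`. If so, a comment above the check would record that, e.g. `/* The size announced in the key file is advisory; only warn on mismatch. */`. Both function bodies continue outside the lines shown, so how the dialog now derives the key size cannot be confirmed from this page.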