| version 1.8, 1999/11/11 23:36:52 |
version 1.9, 1999/11/15 20:53:24 |
|
|
| our challenge; returns zero if the client gives a wrong answer. */ |
our challenge; returns zero if the client gives a wrong answer. */ |
| |
|
| int |
int |
| auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n) |
auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) |
| { |
{ |
| BIGNUM *challenge, *encrypted_challenge, *aux; |
BIGNUM *challenge, *encrypted_challenge, *aux; |
| RSA *pk; |
RSA *pk; |
|
|
| auth_rsa(struct passwd *pw, BIGNUM *client_n) |
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
| { |
{ |
| extern ServerOptions options; |
extern ServerOptions options; |
| char line[8192]; |
char line[8192], file[1024]; |
| int authenticated; |
int authenticated; |
| unsigned int bits; |
unsigned int bits; |
| FILE *f; |
FILE *f; |
|
|
| temporarily_use_uid(pw->pw_uid); |
temporarily_use_uid(pw->pw_uid); |
| |
|
| /* The authorized keys. */ |
/* The authorized keys. */ |
| snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, |
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, |
| SSH_USER_PERMITTED_KEYS); |
SSH_USER_PERMITTED_KEYS); |
| |
|
| /* Fail quietly if file does not exist */ |
/* Fail quietly if file does not exist */ |
| if (stat(line, &st) < 0) |
if (stat(file, &st) < 0) |
| { |
{ |
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
|
|
| } |
} |
| |
|
| /* Open the file containing the authorized keys. */ |
/* Open the file containing the authorized keys. */ |
| f = fopen(line, "r"); |
f = fopen(file, "r"); |
| if (!f) |
if (!f) |
| { |
{ |
| /* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
| restore_uid(); |
restore_uid(); |
| packet_send_debug("Could not open %.900s for reading.", line); |
packet_send_debug("Could not open %.900s for reading.", file); |
| packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
| return 0; |
return 0; |
| } |
} |
|
|
| (st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
(st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
| (st.st_mode & 022) != 0) { |
(st.st_mode & 022) != 0) { |
| snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " |
snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " |
| "bad ownership or modes for '%s'.", pw->pw_name, line); |
"bad ownership or modes for '%s'.", pw->pw_name, file); |
| fail=1; |
fail=1; |
| }else{ |
}else{ |
| /* Check path to SSH_USER_PERMITTED_KEYS */ |
/* Check path to SSH_USER_PERMITTED_KEYS */ |
|
|
| } |
} |
| /* cp now points to the comment part. */ |
/* cp now points to the comment part. */ |
| |
|
| |
/* check the real bits */ |
| |
if (bits != BN_num_bits(n)) |
| |
error("Warning: error in %s, line %d: keysize mismatch: " |
| |
"actual size %d vs. announced %d.", |
| |
file, linenum, BN_num_bits(n), bits); |
| |
|
| /* Check if the we have found the desired key (identified by its |
/* Check if the we have found the desired key (identified by its |
| modulus). */ |
modulus). */ |
| if (BN_cmp(n, client_n) != 0) |
if (BN_cmp(n, client_n) != 0) |
|
|
| /* We have found the desired key. */ |
/* We have found the desired key. */ |
| |
|
| /* Perform the challenge-response dialog for this key. */ |
/* Perform the challenge-response dialog for this key. */ |
| if (!auth_rsa_challenge_dialog(bits, e, n)) |
if (!auth_rsa_challenge_dialog(e, n)) |
| { |
{ |
| /* Wrong response. */ |
/* Wrong response. */ |
| log("Wrong response to RSA authentication challenge."); |
log("Wrong response to RSA authentication challenge."); |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-rsa.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh