version 1.28, 2001/03/08 21:42:33 |
version 1.29, 2001/03/26 08:07:09 |
|
|
int plen, clen; |
int plen, clen; |
|
|
/* Try to load identification for the authentication key. */ |
/* Try to load identification for the authentication key. */ |
public = key_new(KEY_RSA1); |
/* XXKEYLOAD */ |
if (!load_public_key(authfile, public, &comment)) { |
public = key_load_public_type(KEY_RSA1, authfile, &comment); |
key_free(public); |
if (public == NULL) { |
/* Could not load it. Fail. */ |
/* Could not load it. Fail. */ |
return 0; |
return 0; |
} |
} |
|
|
|
|
debug("Received RSA challenge from server."); |
debug("Received RSA challenge from server."); |
|
|
private = key_new(KEY_RSA1); |
|
/* |
/* |
* Load the private key. Try first with empty passphrase; if it |
* Load the private key. Try first with empty passphrase; if it |
* fails, ask for a passphrase. |
* fails, ask for a passphrase. |
*/ |
*/ |
if (!load_private_key(authfile, "", private, NULL)) { |
private = key_load_private_type(KEY_RSA1, authfile, "", NULL); |
|
if (private == NULL) { |
char buf[300]; |
char buf[300]; |
snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ", |
snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ", |
comment); |
comment); |
|
|
} |
} |
|
|
/* Load the authentication file using the pasphrase. */ |
/* Load the authentication file using the pasphrase. */ |
if (!load_private_key(authfile, passphrase, private, NULL)) { |
private = key_load_private_type(KEY_RSA1, authfile, passphrase, NULL); |
|
if (private == NULL) { |
memset(passphrase, 0, strlen(passphrase)); |
memset(passphrase, 0, strlen(passphrase)); |
xfree(passphrase); |
xfree(passphrase); |
error("Bad passphrase."); |
error("Bad passphrase."); |
|
|
/* Expect the server to reject it... */ |
/* Expect the server to reject it... */ |
packet_read_expect(&plen, SSH_SMSG_FAILURE); |
packet_read_expect(&plen, SSH_SMSG_FAILURE); |
xfree(comment); |
xfree(comment); |
key_free(private); |
|
BN_clear_free(challenge); |
BN_clear_free(challenge); |
return 0; |
return 0; |
} |
} |
|
|
* authentication and RSA host authentication. |
* authentication and RSA host authentication. |
*/ |
*/ |
int |
int |
try_rhosts_rsa_authentication(const char *local_user, RSA * host_key) |
try_rhosts_rsa_authentication(const char *local_user, Key * host_key) |
{ |
{ |
int type; |
int type; |
BIGNUM *challenge; |
BIGNUM *challenge; |
|
|
/* Tell the server that we are willing to authenticate using this key. */ |
/* Tell the server that we are willing to authenticate using this key. */ |
packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); |
packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); |
packet_put_string(local_user, strlen(local_user)); |
packet_put_string(local_user, strlen(local_user)); |
packet_put_int(BN_num_bits(host_key->n)); |
packet_put_int(BN_num_bits(host_key->rsa->n)); |
packet_put_bignum(host_key->e); |
packet_put_bignum(host_key->rsa->e); |
packet_put_bignum(host_key->n); |
packet_put_bignum(host_key->rsa->n); |
packet_send(); |
packet_send(); |
packet_write_wait(); |
packet_write_wait(); |
|
|
|
|
debug("Received RSA challenge for host key from server."); |
debug("Received RSA challenge for host key from server."); |
|
|
/* Compute a response to the challenge. */ |
/* Compute a response to the challenge. */ |
respond_to_rsa_challenge(challenge, host_key); |
respond_to_rsa_challenge(challenge, host_key->rsa); |
|
|
/* We no longer need the challenge. */ |
/* We no longer need the challenge. */ |
BN_clear_free(challenge); |
BN_clear_free(challenge); |
|
|
const char *local_user, |
const char *local_user, |
const char *server_user, |
const char *server_user, |
char *host, |
char *host, |
int host_key_valid, RSA *own_host_key) |
Key *own_host_key) |
{ |
{ |
int i, type; |
int i, type; |
int payload_len; |
int payload_len; |
|
|
* authentication. |
* authentication. |
*/ |
*/ |
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && |
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && |
options.rhosts_rsa_authentication && host_key_valid) { |
options.rhosts_rsa_authentication && own_host_key != NULL) { |
if (try_rhosts_rsa_authentication(local_user, own_host_key)) |
if (try_rhosts_rsa_authentication(local_user, own_host_key)) |
return; |
return; |
} |
} |
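Review bot: try_rhosts_rsa_authentication() now takes a `Key *` and immediately dereferences `host_key->rsa->n` and `host_key->rsa->e`, but the only guard left in the caller is `own_host_key != NULL`, which does not show that the `rsa` member is populated. If a `Key` can hold something other than an RSA1 key (the `KEY_RSA1` type argument in the new load calls suggests it can), a host key of another type would make the client dereference a null pointer instead of skipping this method. I would add `if (host_key == NULL || host_key->rsa == NULL) return 0;` before `packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);`, or tighten the caller's condition to check the key type as well. Separately, the unchanged `memset(passphrase, 0, strlen(passphrase));` before `xfree(passphrase)` on the bad-passphrase path is a store an optimizer may drop, so the scrub should go through a wipe routine the compiler cannot elide. Both function bodies are only partly visible in this view.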