| version 1.3, 2000/05/08 17:12:16 |
version 1.3.2.1, 2000/09/01 18:23:24 |
|
|
| #include "ssh.h" |
#include "ssh.h" |
| #include "buffer.h" |
#include "buffer.h" |
| #include "packet.h" |
#include "packet.h" |
| #include "authfd.h" |
|
| #include "cipher.h" |
#include "cipher.h" |
| #include "mpaux.h" |
#include "mpaux.h" |
| #include "uidswap.h" |
#include "uidswap.h" |
| #include "readconf.h" |
#include "readconf.h" |
| #include "key.h" |
#include "key.h" |
| |
#include "authfd.h" |
| #include "sshconnect.h" |
#include "sshconnect.h" |
| #include "authfile.h" |
#include "authfile.h" |
| |
|
|
|
| int |
int |
| try_agent_authentication() |
try_agent_authentication() |
| { |
{ |
| int status, type; |
int type; |
| char *comment; |
char *comment; |
| AuthenticationConnection *auth; |
AuthenticationConnection *auth; |
| unsigned char response[16]; |
unsigned char response[16]; |
| unsigned int i; |
unsigned int i; |
| BIGNUM *e, *n, *challenge; |
int plen, clen; |
| |
Key *key; |
| |
BIGNUM *challenge; |
| |
|
| /* Get connection to the agent. */ |
/* Get connection to the agent. */ |
| auth = ssh_get_authentication_connection(); |
auth = ssh_get_authentication_connection(); |
| if (!auth) |
if (!auth) |
| return 0; |
return 0; |
| |
|
| e = BN_new(); |
|
| n = BN_new(); |
|
| challenge = BN_new(); |
challenge = BN_new(); |
| |
key = key_new(KEY_RSA); |
| |
|
| /* Loop through identities served by the agent. */ |
/* Loop through identities served by the agent. */ |
| for (status = ssh_get_first_identity(auth, e, n, &comment); |
for (key = ssh_get_first_identity(auth, &comment, 1); |
| status; |
key != NULL; |
| status = ssh_get_next_identity(auth, e, n, &comment)) { |
key = ssh_get_next_identity(auth, &comment, 1)) { |
| int plen, clen; |
|
| |
|
| /* Try this identity. */ |
/* Try this identity. */ |
| debug("Trying RSA authentication via agent with '%.100s'", comment); |
debug("Trying RSA authentication via agent with '%.100s'", comment); |
|
|
| |
|
| /* Tell the server that we are willing to authenticate using this key. */ |
/* Tell the server that we are willing to authenticate using this key. */ |
| packet_start(SSH_CMSG_AUTH_RSA); |
packet_start(SSH_CMSG_AUTH_RSA); |
| packet_put_bignum(n); |
packet_put_bignum(key->rsa->n); |
| packet_send(); |
packet_send(); |
| packet_write_wait(); |
packet_write_wait(); |
| |
|
|
|
| does not support RSA authentication. */ |
does not support RSA authentication. */ |
| if (type == SSH_SMSG_FAILURE) { |
if (type == SSH_SMSG_FAILURE) { |
| debug("Server refused our key."); |
debug("Server refused our key."); |
| |
key_free(key); |
| continue; |
continue; |
| } |
} |
| /* Otherwise it should have sent a challenge. */ |
/* Otherwise it should have sent a challenge. */ |
|
|
| debug("Received RSA challenge from server."); |
debug("Received RSA challenge from server."); |
| |
|
| /* Ask the agent to decrypt the challenge. */ |
/* Ask the agent to decrypt the challenge. */ |
| if (!ssh_decrypt_challenge(auth, e, n, challenge, |
if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { |
| session_id, 1, response)) { |
/* |
| /* The agent failed to authenticate this identifier although it |
* The agent failed to authenticate this identifier |
| advertised it supports this. Just return a wrong value. */ |
* although it advertised it supports this. Just |
| |
* return a wrong value. |
| |
*/ |
| log("Authentication agent failed to decrypt challenge."); |
log("Authentication agent failed to decrypt challenge."); |
| memset(response, 0, sizeof(response)); |
memset(response, 0, sizeof(response)); |
| } |
} |
| |
key_free(key); |
| debug("Sending response to RSA challenge."); |
debug("Sending response to RSA challenge."); |
| |
|
| /* Send the decrypted challenge back to the server. */ |
/* Send the decrypted challenge back to the server. */ |
|
|
| |
|
| /* The server returns success if it accepted the authentication. */ |
/* The server returns success if it accepted the authentication. */ |
| if (type == SSH_SMSG_SUCCESS) { |
if (type == SSH_SMSG_SUCCESS) { |
| debug("RSA authentication accepted by server."); |
|
| BN_clear_free(e); |
|
| BN_clear_free(n); |
|
| BN_clear_free(challenge); |
BN_clear_free(challenge); |
| |
debug("RSA authentication accepted by server."); |
| return 1; |
return 1; |
| } |
} |
| /* Otherwise it should return failure. */ |
/* Otherwise it should return failure. */ |
|
|
| packet_disconnect("Protocol error waiting RSA auth response: %d", |
packet_disconnect("Protocol error waiting RSA auth response: %d", |
| type); |
type); |
| } |
} |
| |
|
| BN_clear_free(e); |
|
| BN_clear_free(n); |
|
| BN_clear_free(challenge); |
BN_clear_free(challenge); |
| |
|
| debug("RSA authentication using agent refused."); |
debug("RSA authentication using agent refused."); |
| return 0; |
return 0; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshconnect1.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh