version 1.4, 2000/07/16 08:27:22 |
version 1.5, 2000/08/19 21:34:44 |
|
|
int |
int |
try_agent_authentication() |
try_agent_authentication() |
{ |
{ |
int status, type; |
int type; |
char *comment; |
char *comment; |
AuthenticationConnection *auth; |
AuthenticationConnection *auth; |
unsigned char response[16]; |
unsigned char response[16]; |
unsigned int i; |
unsigned int i; |
BIGNUM *e, *n, *challenge; |
int plen, clen; |
|
Key *key; |
|
BIGNUM *challenge; |
|
|
/* Get connection to the agent. */ |
/* Get connection to the agent. */ |
auth = ssh_get_authentication_connection(); |
auth = ssh_get_authentication_connection(); |
if (!auth) |
if (!auth) |
return 0; |
return 0; |
|
|
e = BN_new(); |
|
n = BN_new(); |
|
challenge = BN_new(); |
challenge = BN_new(); |
|
key = key_new(KEY_RSA); |
|
|
/* Loop through identities served by the agent. */ |
/* Loop through identities served by the agent. */ |
for (status = ssh_get_first_identity(auth, e, n, &comment); |
for (key = ssh_get_first_identity(auth, &comment, 1); |
status; |
key != NULL; |
status = ssh_get_next_identity(auth, e, n, &comment)) { |
key = ssh_get_next_identity(auth, &comment, 1)) { |
int plen, clen; |
|
|
|
/* Try this identity. */ |
/* Try this identity. */ |
debug("Trying RSA authentication via agent with '%.100s'", comment); |
debug("Trying RSA authentication via agent with '%.100s'", comment); |
|
|
|
|
/* Tell the server that we are willing to authenticate using this key. */ |
/* Tell the server that we are willing to authenticate using this key. */ |
packet_start(SSH_CMSG_AUTH_RSA); |
packet_start(SSH_CMSG_AUTH_RSA); |
packet_put_bignum(n); |
packet_put_bignum(key->rsa->n); |
packet_send(); |
packet_send(); |
packet_write_wait(); |
packet_write_wait(); |
|
|
|
|
does not support RSA authentication. */ |
does not support RSA authentication. */ |
if (type == SSH_SMSG_FAILURE) { |
if (type == SSH_SMSG_FAILURE) { |
debug("Server refused our key."); |
debug("Server refused our key."); |
|
key_free(key); |
continue; |
continue; |
} |
} |
/* Otherwise it should have sent a challenge. */ |
/* Otherwise it should have sent a challenge. */ |
|
|
debug("Received RSA challenge from server."); |
debug("Received RSA challenge from server."); |
|
|
/* Ask the agent to decrypt the challenge. */ |
/* Ask the agent to decrypt the challenge. */ |
if (!ssh_decrypt_challenge(auth, e, n, challenge, |
if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { |
session_id, 1, response)) { |
/* |
/* The agent failed to authenticate this identifier although it |
* The agent failed to authenticate this identifier |
advertised it supports this. Just return a wrong value. */ |
* although it advertised it supports this. Just |
|
* return a wrong value. |
|
*/ |
log("Authentication agent failed to decrypt challenge."); |
log("Authentication agent failed to decrypt challenge."); |
memset(response, 0, sizeof(response)); |
memset(response, 0, sizeof(response)); |
} |
} |
|
key_free(key); |
debug("Sending response to RSA challenge."); |
debug("Sending response to RSA challenge."); |
|
|
/* Send the decrypted challenge back to the server. */ |
/* Send the decrypted challenge back to the server. */ |
|
|
|
|
/* The server returns success if it accepted the authentication. */ |
/* The server returns success if it accepted the authentication. */ |
if (type == SSH_SMSG_SUCCESS) { |
if (type == SSH_SMSG_SUCCESS) { |
debug("RSA authentication accepted by server."); |
|
BN_clear_free(e); |
|
BN_clear_free(n); |
|
BN_clear_free(challenge); |
BN_clear_free(challenge); |
|
debug("RSA authentication accepted by server."); |
return 1; |
return 1; |
} |
} |
/* Otherwise it should return failure. */ |
/* Otherwise it should return failure. */ |
|
|
packet_disconnect("Protocol error waiting RSA auth response: %d", |
packet_disconnect("Protocol error waiting RSA auth response: %d", |
type); |
type); |
} |
} |
|
|
BN_clear_free(e); |
|
BN_clear_free(n); |
|
BN_clear_free(challenge); |
BN_clear_free(challenge); |
|
|
debug("RSA authentication using agent refused."); |
debug("RSA authentication using agent refused."); |
return 0; |
return 0; |
} |
} |
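Review bot: The new `key = key_new(KEY_RSA);` placed just before the identities loop is dead and leaks, because the for-initializer immediately overwrites `key` with the value returned by `ssh_get_first_identity(auth, &comment, 1)`, so that freshly allocated Key (and the RSA it owns) is never passed to `key_free`. Drop the `key_new` line; on the new side `key` is only ever populated by the agent calls and released by the `key_free(key)` calls inside the loop, so no other change is needed. Note that the agent connection `auth` obtained from `ssh_get_authentication_connection` is not closed on either return path, which is inherited from the old code rather than introduced here. The rendering omits the `packet_read` lines that set `type` between `packet_write_wait` and the `SSH_SMSG_FAILURE` test, so the loop body is presumably complete in the actual file.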