version 1.8.2.3, 2001/03/21 19:46:31 |
version 1.8.2.4, 2001/05/07 21:09:37 |
|
|
int plen, clen; |
int plen, clen; |
|
|
/* Try to load identification for the authentication key. */ |
/* Try to load identification for the authentication key. */ |
public = key_new(KEY_RSA1); |
/* XXKEYLOAD */ |
if (!load_public_key(authfile, public, &comment)) { |
public = key_load_public_type(KEY_RSA1, authfile, &comment); |
key_free(public); |
if (public == NULL) { |
/* Could not load it. Fail. */ |
/* Could not load it. Fail. */ |
return 0; |
return 0; |
} |
} |
|
|
|
|
debug("Received RSA challenge from server."); |
debug("Received RSA challenge from server."); |
|
|
private = key_new(KEY_RSA1); |
|
/* |
/* |
* Load the private key. Try first with empty passphrase; if it |
* Load the private key. Try first with empty passphrase; if it |
* fails, ask for a passphrase. |
* fails, ask for a passphrase. |
*/ |
*/ |
if (!load_private_key(authfile, "", private, NULL)) { |
private = key_load_private_type(KEY_RSA1, authfile, "", NULL); |
|
if (private == NULL) { |
char buf[300]; |
char buf[300]; |
snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ", |
snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ", |
comment); |
comment); |
|
|
} |
} |
|
|
/* Load the authentication file using the pasphrase. */ |
/* Load the authentication file using the pasphrase. */ |
if (!load_private_key(authfile, passphrase, private, NULL)) { |
private = key_load_private_type(KEY_RSA1, authfile, passphrase, NULL); |
|
if (private == NULL) { |
memset(passphrase, 0, strlen(passphrase)); |
memset(passphrase, 0, strlen(passphrase)); |
xfree(passphrase); |
xfree(passphrase); |
error("Bad passphrase."); |
error("Bad passphrase."); |
|
|
/* Expect the server to reject it... */ |
/* Expect the server to reject it... */ |
packet_read_expect(&plen, SSH_SMSG_FAILURE); |
packet_read_expect(&plen, SSH_SMSG_FAILURE); |
xfree(comment); |
xfree(comment); |
key_free(private); |
|
BN_clear_free(challenge); |
BN_clear_free(challenge); |
return 0; |
return 0; |
} |
} |
|
|
* authentication and RSA host authentication. |
* authentication and RSA host authentication. |
*/ |
*/ |
int |
int |
try_rhosts_rsa_authentication(const char *local_user, RSA * host_key) |
try_rhosts_rsa_authentication(const char *local_user, Key * host_key) |
{ |
{ |
int type; |
int type; |
BIGNUM *challenge; |
BIGNUM *challenge; |
|
|
/* Tell the server that we are willing to authenticate using this key. */ |
/* Tell the server that we are willing to authenticate using this key. */ |
packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); |
packet_start(SSH_CMSG_AUTH_RHOSTS_RSA); |
packet_put_string(local_user, strlen(local_user)); |
packet_put_string(local_user, strlen(local_user)); |
packet_put_int(BN_num_bits(host_key->n)); |
packet_put_int(BN_num_bits(host_key->rsa->n)); |
packet_put_bignum(host_key->e); |
packet_put_bignum(host_key->rsa->e); |
packet_put_bignum(host_key->n); |
packet_put_bignum(host_key->rsa->n); |
packet_send(); |
packet_send(); |
packet_write_wait(); |
packet_write_wait(); |
|
|
|
|
debug("Received RSA challenge for host key from server."); |
debug("Received RSA challenge for host key from server."); |
|
|
/* Compute a response to the challenge. */ |
/* Compute a response to the challenge. */ |
respond_to_rsa_challenge(challenge, host_key); |
respond_to_rsa_challenge(challenge, host_key->rsa); |
|
|
/* We no longer need the challenge. */ |
/* We no longer need the challenge. */ |
BN_clear_free(challenge); |
BN_clear_free(challenge); |
|
|
* Authenticate user |
* Authenticate user |
*/ |
*/ |
void |
void |
ssh_userauth( |
ssh_userauth1(const char *local_user, const char *server_user, char *host, |
const char *local_user, |
Key **keys, int nkeys) |
const char *server_user, |
|
char *host, |
|
int host_key_valid, RSA *own_host_key) |
|
{ |
{ |
int i, type; |
int i, type; |
int payload_len; |
int payload_len; |
|
|
if (supported_authentications == 0) |
if (supported_authentications == 0) |
fatal("ssh_userauth: server supports no auth methods"); |
fatal("ssh_userauth1: server supports no auth methods"); |
|
|
/* Send the name of the user to log in as on the server. */ |
/* Send the name of the user to log in as on the server. */ |
packet_start(SSH_CMSG_USER); |
packet_start(SSH_CMSG_USER); |
|
|
* authentication. |
* authentication. |
*/ |
*/ |
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && |
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && |
options.rhosts_rsa_authentication && host_key_valid) { |
options.rhosts_rsa_authentication) { |
if (try_rhosts_rsa_authentication(local_user, own_host_key)) |
for (i = 0; i < nkeys; i++) { |
return; |
if (keys[i] != NULL && keys[i]->type == KEY_RSA1 && |
|
try_rhosts_rsa_authentication(local_user, keys[i])) |
|
return; |
|
} |
} |
} |
/* Try RSA authentication if the server supports it. */ |
/* Try RSA authentication if the server supports it. */ |
if ((supported_authentications & (1 << SSH_AUTH_RSA)) && |
if ((supported_authentications & (1 << SSH_AUTH_RSA)) && |
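Review bot: In the new `try_rhosts_rsa_authentication(const char *local_user, Key * host_key)`, `host_key->rsa->n` and `host_key->rsa->e` are dereferenced with no check inside the function; the only guard visible on this page is in the `ssh_userauth1` loop (`keys[i] != NULL && keys[i]->type == KEY_RSA1`). Because the parameter widened from `RSA *` to the generic `Key *`, a later caller passing a non-RSA1 key or one whose `rsa` member is NULL would presumably fault here. I would add `if (host_key == NULL || host_key->type != KEY_RSA1 || host_key->rsa == NULL) return 0;` after the local declarations, or at minimum extend the header comment to state that the caller must pass an RSA1 key. Only fragments of the function body are shown here, so confirm that the elided lines do not already contain such a check.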