=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- src/usr.bin/ssh/auth2.c 2000/10/14 12:16:56 1.20 +++ src/usr.bin/ssh/auth2.c 2000/11/12 19:50:37 1.21 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.20 2000/10/14 12:16:56 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.21 2000/11/12 19:50:37 markus Exp $"); #include #include @@ -47,7 +47,6 @@ #include "key.h" #include "kex.h" -#include "dsa.h" #include "uidswap.h" #include "auth-options.h" @@ -76,7 +75,7 @@ /* helper */ Authmethod *authmethod_lookup(const char *name); struct passwd *pwcopy(struct passwd *pw); -int user_dsa_key_allowed(struct passwd *pw, Key *key); +int user_key_allowed(struct passwd *pw, Key *key); char *authmethods_get(void); /* auth */ @@ -91,7 +90,7 @@ &one}, {"publickey", userauth_pubkey, - &options.dsa_authentication}, + &options.pubkey_authentication}, {"keyboard-interactive", userauth_kbdint, &options.kbd_interactive_authentication}, @@ -359,7 +358,7 @@ Key *key; char *pkalg, *pkblob, *sig; unsigned int alen, blen, slen; - int have_sig; + int have_sig, pktype; int authenticated = 0; if (!authctxt->valid) { @@ -368,13 +367,14 @@ } have_sig = packet_get_char(); pkalg = packet_get_string(&alen); - if (strcmp(pkalg, KEX_DSS) != 0) { - log("bad pkalg %s", pkalg); /*XXX*/ + pktype = key_type_from_name(pkalg); + if (pktype == KEY_UNSPEC) { + log("bad pkalg %s", pkalg); xfree(pkalg); return 0; } pkblob = packet_get_string(&blen); - key = dsa_key_from_blob(pkblob, blen); + key = key_from_blob(pkblob, blen); if (key != NULL) { if (have_sig) { sig = packet_get_string(&slen); @@ -394,14 +394,14 @@ authctxt->service); buffer_put_cstring(&b, "publickey"); buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, KEX_DSS); + buffer_put_cstring(&b, key_ssh_name(key)); buffer_put_string(&b, pkblob, blen); -#ifdef DEBUG_DSS +#ifdef DEBUG_PK buffer_dump(&b); #endif /* test for correct signature */ - if (user_dsa_key_allowed(authctxt->pw, key) && - dsa_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1) + if (user_key_allowed(authctxt->pw, key) && + key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1) authenticated = 1; buffer_clear(&b); xfree(sig); @@ -417,7 +417,7 @@ * if a user is not allowed to login. is this an * issue? -markus */ - if (user_dsa_key_allowed(authctxt->pw, key)) { + if (user_key_allowed(authctxt->pw, key)) { packet_start(SSH2_MSG_USERAUTH_PK_OK); packet_put_string(pkalg, alen); packet_put_string(pkblob, blen); @@ -430,6 +430,7 @@ auth_clear_options(); key_free(key); } + debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); xfree(pkalg); xfree(pkblob); return authenticated; @@ -493,11 +494,10 @@ /* return 1 if user allows given key */ int -user_dsa_key_allowed(struct passwd *pw, Key *key) +user_key_allowed(struct passwd *pw, Key *key) { char line[8192], file[1024]; int found_key = 0; - unsigned int bits = -1; FILE *f; unsigned long linenum = 0; struct stat st; @@ -578,10 +578,10 @@ if (!*cp || *cp == '\n' || *cp == '#') continue; - bits = key_read(found, &cp); - if (bits == 0) { + if (key_read(found, &cp) == -1) { /* no key? check if there are options for this key */ int quoted = 0; + debug2("user_key_allowed: check options: '%s'", cp); options = cp; for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { if (*cp == '\\' && cp[1] == '"') @@ -592,8 +592,8 @@ /* Skip remaining whitespace. */ for (; *cp == ' ' || *cp == '\t'; cp++) ; - bits = key_read(found, &cp); - if (bits == 0) { + if (key_read(found, &cp) == -1) { + debug2("user_key_allowed: advance: '%s'", cp); /* still no key? advance to next line*/ continue; }