| version 1.4.2.1, 2002/06/22 07:23:18 |
version 1.4.2.2, 2002/10/11 14:53:07 |
|
|
| RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
| |
|
| #include <openssl/evp.h> |
#include <openssl/evp.h> |
| |
#include <openssl/rand.h> |
| |
#include <openssl/rsa.h> |
| |
|
| #include "log.h" |
#include "log.h" |
| #include "key.h" |
#include "key.h" |
| |
#include "ssh.h" |
| #include "ssh2.h" |
#include "ssh2.h" |
| #include "misc.h" |
#include "misc.h" |
| #include "xmalloc.h" |
#include "xmalloc.h" |
|
|
| #include "msg.h" |
#include "msg.h" |
| #include "canohost.h" |
#include "canohost.h" |
| #include "pathnames.h" |
#include "pathnames.h" |
| |
#include "readconf.h" |
| |
|
| |
uid_t original_real_uid; /* XXX readconf.c needs this */ |
| |
|
| static int |
static int |
| valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, |
valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, |
| u_int datalen) |
u_int datalen) |
|
|
| main(int argc, char **argv) |
main(int argc, char **argv) |
| { |
{ |
| Buffer b; |
Buffer b; |
| |
Options options; |
| Key *keys[2], *key; |
Key *keys[2], *key; |
| struct passwd *pw; |
struct passwd *pw; |
| int key_fd[2], i, found, version = 2, fd; |
int key_fd[2], i, found, version = 2, fd; |
| u_char *signature, *data; |
u_char *signature, *data; |
| char *host; |
char *host; |
| u_int slen, dlen; |
u_int slen, dlen; |
| |
u_int32_t rnd[256]; |
| |
|
| key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
| key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
|
|
| log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
| #endif |
#endif |
| |
|
| |
/* verify that ssh-keysign is enabled by the admin */ |
| |
original_real_uid = getuid(); /* XXX readconf.c needs this */ |
| |
initialize_options(&options); |
| |
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); |
| |
fill_default_options(&options); |
| |
if (options.hostbased_authentication != 1) |
| |
fatal("Hostbased authentication not enabled in %s", |
| |
_PATH_HOST_CONFIG_FILE); |
| |
|
| if (key_fd[0] == -1 && key_fd[1] == -1) |
if (key_fd[0] == -1 && key_fd[1] == -1) |
| fatal("could not open any host key"); |
fatal("could not open any host key"); |
| |
|
|
|
| pw = pwcopy(pw); |
pw = pwcopy(pw); |
| |
|
| SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
| |
for (i = 0; i < 256; i++) |
| |
rnd[i] = arc4random(); |
| |
RAND_seed(rnd, sizeof(rnd)); |
| |
|
| found = 0; |
found = 0; |
| for (i = 0; i < 2; i++) { |
for (i = 0; i < 2; i++) { |
|
|
| keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, |
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, |
| NULL, NULL); |
NULL, NULL); |
| close(key_fd[i]); |
close(key_fd[i]); |
| |
if (keys[i] != NULL && keys[i]->type == KEY_RSA) { |
| |
if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { |
| |
error("RSA_blinding_on failed"); |
| |
key_free(keys[i]); |
| |
keys[i] = NULL; |
| |
} |
| |
} |
| if (keys[i] != NULL) |
if (keys[i] != NULL) |
| found = 1; |
found = 1; |
| } |
} |
|
|
| data = buffer_get_string(&b, &dlen); |
data = buffer_get_string(&b, &dlen); |
| if (valid_request(pw, host, &key, data, dlen) < 0) |
if (valid_request(pw, host, &key, data, dlen) < 0) |
| fatal("not a valid request"); |
fatal("not a valid request"); |
| xfree(data); |
|
| xfree(host); |
xfree(host); |
| |
|
| found = 0; |
found = 0; |
|
|
| |
|
| if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) |
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) |
| fatal("key_sign failed"); |
fatal("key_sign failed"); |
| |
xfree(data); |
| |
|
| /* send reply */ |
/* send reply */ |
| buffer_clear(&b); |
buffer_clear(&b); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keysign.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh