version 1.4.2.2, 2002/10/11 14:53:07 |
version 1.5, 2002/06/26 22:27:32 |
|
|
RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
|
|
#include <openssl/evp.h> |
#include <openssl/evp.h> |
#include <openssl/rand.h> |
|
#include <openssl/rsa.h> |
|
|
|
#include "log.h" |
#include "log.h" |
#include "key.h" |
#include "key.h" |
#include "ssh.h" |
|
#include "ssh2.h" |
#include "ssh2.h" |
#include "misc.h" |
#include "misc.h" |
#include "xmalloc.h" |
#include "xmalloc.h" |
|
|
#include "msg.h" |
#include "msg.h" |
#include "canohost.h" |
#include "canohost.h" |
#include "pathnames.h" |
#include "pathnames.h" |
#include "readconf.h" |
|
|
|
uid_t original_real_uid; /* XXX readconf.c needs this */ |
|
|
|
static int |
static int |
valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, |
valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, |
u_int datalen) |
u_int datalen) |
|
|
main(int argc, char **argv) |
main(int argc, char **argv) |
{ |
{ |
Buffer b; |
Buffer b; |
Options options; |
|
Key *keys[2], *key; |
Key *keys[2], *key; |
struct passwd *pw; |
struct passwd *pw; |
int key_fd[2], i, found, version = 2, fd; |
int key_fd[2], i, found, version = 2, fd; |
u_char *signature, *data; |
u_char *signature, *data; |
char *host; |
char *host; |
u_int slen, dlen; |
u_int slen, dlen; |
u_int32_t rnd[256]; |
|
|
|
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
|
|
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
#endif |
#endif |
|
|
/* verify that ssh-keysign is enabled by the admin */ |
|
original_real_uid = getuid(); /* XXX readconf.c needs this */ |
|
initialize_options(&options); |
|
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); |
|
fill_default_options(&options); |
|
if (options.hostbased_authentication != 1) |
|
fatal("Hostbased authentication not enabled in %s", |
|
_PATH_HOST_CONFIG_FILE); |
|
|
|
if (key_fd[0] == -1 && key_fd[1] == -1) |
if (key_fd[0] == -1 && key_fd[1] == -1) |
fatal("could not open any host key"); |
fatal("could not open any host key"); |
|
|
|
|
pw = pwcopy(pw); |
pw = pwcopy(pw); |
|
|
SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
for (i = 0; i < 256; i++) |
|
rnd[i] = arc4random(); |
|
RAND_seed(rnd, sizeof(rnd)); |
|
|
|
found = 0; |
found = 0; |
for (i = 0; i < 2; i++) { |
for (i = 0; i < 2; i++) { |
|
|
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, |
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, |
NULL, NULL); |
NULL, NULL); |
close(key_fd[i]); |
close(key_fd[i]); |
if (keys[i] != NULL && keys[i]->type == KEY_RSA) { |
|
if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { |
|
error("RSA_blinding_on failed"); |
|
key_free(keys[i]); |
|
keys[i] = NULL; |
|
} |
|
} |
|
if (keys[i] != NULL) |
if (keys[i] != NULL) |
found = 1; |
found = 1; |
} |
} |