- OpenBSD CVS update
   - [auth-krb4.c]
     -Wall
   - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
     [match.h ssh.c ssh.h sshconnect.c sshd.c]
     initial support for DSA keys. ok deraadt@, niels@
   - [cipher.c cipher.h]
     remove unused cipher_attack_detected code
   - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     Fix some formatting problems I missed before.
   - [ssh.1 sshd.8]
     fix spelling errors, From: FreeBSD
   - [ssh.c]
     switch to raw mode only if we _get_ a pty (not if we _want_ a pty).
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 1392455..1978257 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,18 @@
  */
 
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/25 00:54:57 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.8 2000/03/26 03:04:52 damien Exp $");
+
+#ifdef HAVE_OPENSSL
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/bn.h>
+#include <ssl/rsa.h>
+#include <ssl/dsa.h>
+#endif
 
 #include "packet.h"
 #include "ssh.h"
@@ -23,37 +34,44 @@
 #include "uidswap.h"
 #include "servconf.h"
 
+#include "key.h"
+#include "hostfile.h"
+
 /*
  * Tries to authenticate the user using the .rhosts file and the host using
  * its host key.  Returns true if authentication succeeds.
  */
 
 int 
-auth_rhosts_rsa(struct passwd *pw, const char *client_user,
-		BIGNUM *client_host_key_e, BIGNUM *client_host_key_n)
+auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
 {
 	extern ServerOptions options;
 	const char *canonical_hostname;
 	HostStatus host_status;
-	BIGNUM *ke, *kn;
+	Key *client_key, *found;
 
 	debug("Trying rhosts with RSA host authentication for %.100s", client_user);
 
+	if (client_host_key == NULL)
+		return 0;
+
 	/* Check if we would accept it using rhosts authentication. */
 	if (!auth_rhosts(pw, client_user))
 		return 0;
 
 	canonical_hostname = get_canonical_hostname();
 
-	debug("Rhosts RSA authentication: canonical host %.900s",
-	      canonical_hostname);
+	debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);
+
+	/* wrap the RSA key into a 'generic' key */
+	client_key = key_new(KEY_RSA);
+	BN_copy(client_key->rsa->e, client_host_key->e);
+	BN_copy(client_key->rsa->n, client_host_key->n);
+	found = key_new(KEY_RSA);
 
 	/* Check if we know the host and its host key. */
-	ke = BN_new();
-	kn = BN_new();
 	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
-			   		     client_host_key_e, client_host_key_n,
-					     ke, kn);
+	    client_key, found);
 
 	/* Check user host file unless ignored. */
 	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
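Review bot: The two `BN_copy` calls that fill `client_key` ignore their return value, and the new guard checks only `client_host_key` itself, not its `e` and `n` members. `BN_copy` returns NULL on failure, so an allocation failure would hand an incomplete key to `check_host_in_hostfile`; whether that lookup then fails closed depends on code outside this hunk. I would widen the guard to `if (client_host_key == NULL || client_host_key->e == NULL || client_host_key->n == NULL) return 0;` and, before `found` is allocated, add `if (BN_copy(client_key->rsa->e, client_host_key->e) == NULL || BN_copy(client_key->rsa->n, client_host_key->n) == NULL) { key_free(client_key); return 0; }`. The header comment above the function could also state that the key is copied and the caller keeps ownership of `client_host_key`. The function body continues past the end of this hunk.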
@@ -73,14 +91,13 @@
 			/* XXX race between stat and the following open() */
 			temporarily_use_uid(pw->pw_uid);
 			host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
-							     client_host_key_e, client_host_key_n,
-							     ke, kn);
+			    client_key, found);
 			restore_uid();
 		}
 		xfree(user_hostfile);
 	}
-	BN_free(ke);
-	BN_free(kn);
+	key_free(client_key);
+	key_free(found);
 
 	if (host_status != HOST_OK) {
 		debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
@@ -90,7 +107,7 @@
 	/* A matching host key was found and is known. */
 
 	/* Perform the challenge-response dialog with the client for the host key. */
-	if (!auth_rsa_challenge_dialog(client_host_key_e, client_host_key_n)) {
+	if (!auth_rsa_challenge_dialog(client_host_key)) {
 		log("Client on %.800s failed to respond correctly to host authentication.",
 		    canonical_hostname);
 		return 0;
@@ -101,7 +118,7 @@
 	 */
 
 	verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
-		pw->pw_name, client_user, canonical_hostname);
+	   pw->pw_name, client_user, canonical_hostname);
 	packet_send_debug("Rhosts with RSA host authentication accepted.");
 	return 1;
 }