Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 7a2073c50b92c053594d48a651ebafae052a71ed^! / . / auth-rsa.c
commit7a2073c50b92c053594d48a651ebafae052a71ed[log] [tgz]
authorBen Lindstrom <mouring@eviladmin.org>Fri Mar 22 02:30:41 2002 +0000
committerBen Lindstrom <mouring@eviladmin.org>Fri Mar 22 02:30:41 2002 +0000
tree7cfceb925262a07a356b0667e19f33eec497b602
parent0f345f5ee1e71e1e9f8780ec13b2da23b6a9f7f8 [diff] [blame]
   - provos@cvs.openbsd.org 2002/03/18 17:50:31
     [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!

diff --git a/auth-rsa.c b/auth-rsa.c
index ff9bf3b..9c5d484 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c

@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.51 2002/03/14 16:56:33 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.52 2002/03/18 17:50:31 provos Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -32,6 +32,7 @@
 #include "servconf.h"
 #include "auth.h"
 #include "hostfile.h"
+#include "monitor_wrap.h"
 
 /* import */
 extern ServerOptions options;
@@ -52,7 +53,7 @@
  * description of the options.
  */
 
-static BIGNUM *
+BIGNUM *
 auth_rsa_generate_challenge(Key *key)
 {
 	BIGNUM *challenge;
@@ -70,7 +71,7 @@
 	return challenge;
 }
 
-static int
+int
 auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 {
 	u_char buf[32], mdbuf[16];
@@ -113,7 +114,7 @@
 	if ((encrypted_challenge = BN_new()) == NULL)
 		fatal("auth_rsa_challenge_dialog: BN_new() failed");
 
-	challenge = auth_rsa_generate_challenge(key);
+	challenge = PRIVSEP(auth_rsa_generate_challenge(key));
 
 	/* Encrypt the challenge with the public key. */
 	rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
@@ -131,7 +132,7 @@
 		response[i] = packet_get_char();
 	packet_check_eom();
 
-	success = auth_rsa_verify_response(key, challenge, response);
+	success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
 	BN_clear_free(challenge);
 	return (success);
 }
@@ -141,11 +142,11 @@
  * return key if login is allowed, NULL otherwise
  */
 
-static int
+int
 auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 {
 	char line[8192], *file;
-	int allowed;
+	int allowed = 0;
 	u_int bits;
 	FILE *f;
 	u_long linenum = 0;
@@ -284,7 +285,7 @@
 	if (pw == NULL)
 		return 0;
 
-	if (auth_rsa_key_allowed(pw, client_n, &key) == 0) {
+	if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
 		auth_clear_options();
 		return (0);
 	}