source: trunk/third/openssh/auth-rh-rsa.c @ 17139

Revision 17139, 2.8 KB checked in by zacheiss, 23 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r17138, which included commits to RCS files with non-trunk default branches.
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 *                    All rights reserved
5 * Rhosts or /etc/hosts.equiv authentication combined with RSA host
6 * authentication.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose.  Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
16RCSID("$OpenBSD: auth-rh-rsa.c,v 1.26 2001/11/07 22:41:51 markus Exp $");
17
18#include "packet.h"
19#include "xmalloc.h"
20#include "uidswap.h"
21#include "log.h"
22#include "servconf.h"
23#include "key.h"
24#include "hostfile.h"
25#include "pathnames.h"
26#include "auth.h"
27#include "canohost.h"
28
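/*
 * Rhosts-RSA authentication (protocol 1).
 *
 * Authenticates the *user* with the rhosts / hosts.equiv rules
 * (auth_rhosts) and the *client host* with its RSA host key: the key must
 * be listed for the client's canonical hostname in the system known_hosts
 * file (or, unless IgnoreUserKnownHosts is set, in the user's own
 * known_hosts), and the client must then pass the RSA challenge-response
 * dialog proving possession of the matching private key.
 *
 * pw              - the target account; NULL denies
 * client_user     - remote user name claimed by the client
 * client_host_key - RSA public host key presented by the client; NULL or
 *                   a key missing n or e denies
 *
 * Returns 1 if authentication succeeds, 0 otherwise.  Aborts the
 * connection via fatal() only on an allocation failure while copying the
 * key, which is the usual OpenSSH policy for out-of-memory.
 */
int
auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
{
	extern ServerOptions options;
	const char *canonical_hostname;
	HostStatus host_status;
	Key *client_key;

	debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);

	/*
	 * Refuse incomplete input up front: both n and e are copied below
	 * and compared against known_hosts, and BN_copy() must not see a
	 * NULL source.
	 */
	if (pw == NULL || client_host_key == NULL ||
	    client_host_key->n == NULL || client_host_key->e == NULL)
		return 0;

	/* Cheapest check first: would plain rhosts authentication accept this? */
	if (!auth_rhosts(pw, client_user))
		return 0;

	/*
	 * The host key is looked up under the client's canonical hostname,
	 * so the ReverseMappingCheck option (options.reverse_mapping_check)
	 * decides how much the name derived from the peer address is
	 * trusted before it selects the known_hosts entry; presumably a
	 * forward/reverse mismatch is rejected inside get_canonical_hostname
	 * when it is set.
	 */
	canonical_hostname = get_canonical_hostname(
	    options.reverse_mapping_check);

	debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname);

	/*
	 * Wrap the RSA public key (n and e only) into a 'generic' key so the
	 * hostfile code can compare it.  BN_copy() returns NULL on failure;
	 * treat that as fatal rather than comparing a half-copied key.
	 */
	client_key = key_new(KEY_RSA1);
	if (BN_copy(client_key->rsa->e, client_host_key->e) == NULL ||
	    BN_copy(client_key->rsa->n, client_host_key->n) == NULL)
		fatal("auth_rhosts_rsa: BN_copy failed");

	/*
	 * NOTE(security): unless IgnoreUserKnownHosts is set, the user's own
	 * known_hosts file is consulted, so a user who can edit it (and the
	 * rhosts data auth_rhosts reads) can make an arbitrary host key
	 * acceptable here.  Hardened configurations set IgnoreUserKnownHosts.
	 */
	host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
	    _PATH_SSH_SYSTEM_HOSTFILE,
	    options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);

	key_free(client_key);

	if (host_status != HOST_OK) {
		debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
		packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
		return 0;
	}
	/* A matching host key was found and is known. */

	/*
	 * Only now make the client prove it holds the private key; the
	 * challenge is never issued for keys that are not in known_hosts.
	 */
	if (!auth_rsa_challenge_dialog(client_host_key)) {
		log("Client on %.800s failed to respond correctly to host authentication.",
		    canonical_hostname);
		return 0;
	}

	/*
	 * Both halves succeeded: the user via rhosts/hosts.equiv rules and
	 * the host via its RSA key.  Accept.
	 */
	verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
	   pw->pw_name, client_user, canonical_hostname);
	packet_send_debug("Rhosts with RSA host authentication accepted.");
	return 1;
}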