source: trunk/third/ssh/auth-rh-rsa.c @ 12646

Revision 12646, 3.7 KB checked in by danw, 26 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r12645, which included commits to RCS files with non-trunk default branches.
1/*
2
3auth-rh-rsa.c
4
5Author: Tatu Ylonen <ylo@cs.hut.fi>
6
7Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8                   All rights reserved
9
10Created: Sun May  7 03:08:06 1995 ylo
11
12Rhosts or /etc/hosts.equiv authentication combined with RSA host
13authentication.
14
15*/
16
17/*
18 * $Id: auth-rh-rsa.c,v 1.1.1.3 1999-03-08 17:43:05 danw Exp $
19 * $Log: not supported by cvs2svn $
20 * Revision 1.3  1998/03/27  16:53:36  kivinen
21 *      Added ignore_root_rhosts support.
22 *
23 * Revision 1.2  1996/10/29 22:34:10  kivinen
24 *      log -> log_msg.
25 *
26 * Revision 1.1.1.1  1996/02/18 21:38:12  ylo
27 *      Imported ssh-1.2.13.
28 *
29 * Revision 1.5  1995/09/21  17:06:50  ylo
30 *      Added ignore_rhosts.
31 *
32 * Revision 1.4  1995/08/31  09:18:58  ylo
33 *      Tilde-expand the name of user hostfile.
34 *
35 * Revision 1.3  1995/07/13  01:12:51  ylo
36 *      Removed the "Last modified" header.
37 *
38 * $Endlog$
39 */
40
41#include "includes.h"
42#include "packet.h"
43#include "ssh.h"
44#include "xmalloc.h"
45
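/* Tries to authenticate the user using the .rhosts file and the host using
   its host key.  Returns true (1) if authentication succeeds, 0 otherwise.
   .rhosts and .shosts will be ignored if ignore_rhosts is non-zero,
   unless the user is root and ignore_root_rhosts is zero.

   Three checks must all pass, in this order:
     1. auth_rhosts() accepts the (client_user, client host) pair;
     2. the client's host key is listed for the canonical host name in the
        system-wide or the per-user known-hosts file;
     3. the client answers the RSA challenge for that host key.

   state                 random state passed to the challenge dialog
   pw                    passwd entry of the local account being logged into
   client_user           user name claimed by the client
   client_host_key_bits,
   client_host_key_e,
   client_host_key_n     the RSA host key presented by the client
   strict_modes          passed through to auth_rhosts()

   NOTE(review): the host name compared against the known-hosts files comes
   from get_canonical_hostname(); how that name is derived (presumably a
   reverse lookup of the peer address) is not visible here, so the strength
   of step 2 depends on that helper.  The per-user file is writable by the
   account owner, so it extends trust only as far as that account. */

int auth_rhosts_rsa(RandomState *state,
                    struct passwd *pw, const char *client_user,
                    unsigned int client_host_key_bits,
                    MP_INT *client_host_key_e, MP_INT *client_host_key_n,
                    int ignore_rhosts, int ignore_root_rhosts,
                    int strict_modes)
{
  char *user_hostfile;
  const char *canonical_hostname;
  int host_known;

  debug("Trying rhosts with RSA host authentication for %.100s", client_user);

  /* Check if we would accept it using rhosts authentication.  This runs
     before any key check so that a valid host key alone is never enough. */
  if (!auth_rhosts(pw, client_user, ignore_rhosts, ignore_root_rhosts,
                   strict_modes))
    return 0;

  canonical_hostname = get_canonical_hostname();

  debug("Rhosts RSA authentication: canonical host %.900s",
        canonical_hostname);

  /* Format the name of the file containing per-user known hosts. */
  user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);

  /* Check if we know the host and its host key.  The system-wide host file
     is consulted first; the per-user file is only a fallback and is read
     with the user's privileges. */
  host_known = (check_host_in_hostfile(pw->pw_uid, SSH_SYSTEM_HOSTFILE,
                                       canonical_hostname,
                                       client_host_key_bits,
                                       client_host_key_e,
                                       client_host_key_n) == HOST_OK);
  if (!host_known)
    host_known = (check_host_in_hostfile(pw->pw_uid, user_hostfile,
                                         canonical_hostname,
                                         client_host_key_bits,
                                         client_host_key_e,
                                         client_host_key_n) == HOST_OK);

  /* The expanded file name is heap-allocated and not needed past this
     point; release it here so that every return path below is leak-free. */
  xfree(user_hostfile);

  if (!host_known)
    {
      /* The host key was not found. */
      debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
      packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
      /* Report the same name that was actually used for the lookup. */
      packet_send_debug("The host name used to check the key was '%.200s'.",
                        canonical_hostname);
      packet_send_debug("Try logging back from the server machine with the canonical host name using ssh, and then try again.");
      return 0;
    }
  /* A matching host key was found and is known. */

  /* Perform the challenge-response dialog with the client for the host key.
     Knowing the public key is not sufficient; the client must show that it
     can answer a challenge made for that key. */
  if (!auth_rsa_challenge_dialog(state, client_host_key_bits,
                                 client_host_key_e, client_host_key_n))
    {
      log_msg("Client on %.800s failed to respond correctly to host authentication.",
              canonical_hostname);
      return 0;
    }

  /* We have authenticated the user using .rhosts or /etc/hosts.equiv, and
     the host using RSA.  We accept the authentication.  The log line records
     local account, claimed remote user and host for later audit. */
  log_msg("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
          pw->pw_name, client_user, canonical_hostname);
  packet_send_debug("Rhosts with RSA host authentication accepted.");
  return 1;
}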