diff options
author | kris <kris@FreeBSD.org> | 2000-09-10 08:31:17 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-09-10 08:31:17 +0000 |
commit | 0ca2bdc2f755d323cf97966ca69c4d32b283070a (patch) | |
tree | c42b17e610c0f98d5a0dda76cbd9035109d60303 /crypto/openssh/sshconnect1.c | |
parent | 3639dd9acea182e29b2d59915fbb97029217d9b2 (diff) | |
download | FreeBSD-src-0ca2bdc2f755d323cf97966ca69c4d32b283070a.zip FreeBSD-src-0ca2bdc2f755d323cf97966ca69c4d32b283070a.tar.gz |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09
Diffstat (limited to 'crypto/openssh/sshconnect1.c')
-rw-r--r-- | crypto/openssh/sshconnect1.c | 48 |
1 files changed, 25 insertions, 23 deletions
diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c index 4360d72..2bb4d53 100644 --- a/crypto/openssh/sshconnect1.c +++ b/crypto/openssh/sshconnect1.c @@ -2,14 +2,18 @@ * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * Created: Sat Mar 18 22:15:47 1995 ylo * Code to connect to a remote host, and to perform the client side of the * login (authentication) dialog. * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.6 2000/09/07 20:27:54 deraadt Exp $"); #include <openssl/bn.h> #include <openssl/dsa.h> @@ -21,12 +25,12 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.3 2000/05/08 17:12:16 markus Exp $"); #include "ssh.h" #include "buffer.h" #include "packet.h" -#include "authfd.h" #include "cipher.h" #include "mpaux.h" #include "uidswap.h" #include "readconf.h" #include "key.h" +#include "authfd.h" #include "sshconnect.h" #include "authfile.h" @@ -44,27 +48,27 @@ extern char *__progname; int try_agent_authentication() { - int status, type; + int type; char *comment; AuthenticationConnection *auth; unsigned char response[16]; unsigned int i; - BIGNUM *e, *n, *challenge; + int plen, clen; + Key *key; + BIGNUM *challenge; /* Get connection to the agent. */ auth = ssh_get_authentication_connection(); if (!auth) return 0; - e = BN_new(); - n = BN_new(); challenge = BN_new(); + key = key_new(KEY_RSA); /* Loop through identities served by the agent. */ - for (status = ssh_get_first_identity(auth, e, n, &comment); - status; - status = ssh_get_next_identity(auth, e, n, &comment)) { - int plen, clen; + for (key = ssh_get_first_identity(auth, &comment, 1); + key != NULL; + key = ssh_get_next_identity(auth, &comment, 1)) { /* Try this identity. */ debug("Trying RSA authentication via agent with '%.100s'", comment); @@ -72,7 +76,7 @@ try_agent_authentication() /* Tell the server that we are willing to authenticate using this key. */ packet_start(SSH_CMSG_AUTH_RSA); - packet_put_bignum(n); + packet_put_bignum(key->rsa->n); packet_send(); packet_write_wait(); @@ -83,6 +87,7 @@ try_agent_authentication() does not support RSA authentication. */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); + key_free(key); continue; } /* Otherwise it should have sent a challenge. */ @@ -97,13 +102,16 @@ try_agent_authentication() debug("Received RSA challenge from server."); /* Ask the agent to decrypt the challenge. */ - if (!ssh_decrypt_challenge(auth, e, n, challenge, - session_id, 1, response)) { - /* The agent failed to authenticate this identifier although it - advertised it supports this. Just return a wrong value. */ + if (!ssh_decrypt_challenge(auth, key, challenge, session_id, 1, response)) { + /* + * The agent failed to authenticate this identifier + * although it advertised it supports this. Just + * return a wrong value. + */ log("Authentication agent failed to decrypt challenge."); memset(response, 0, sizeof(response)); } + key_free(key); debug("Sending response to RSA challenge."); /* Send the decrypted challenge back to the server. */ @@ -118,10 +126,8 @@ try_agent_authentication() /* The server returns success if it accepted the authentication. */ if (type == SSH_SMSG_SUCCESS) { - debug("RSA authentication accepted by server."); - BN_clear_free(e); - BN_clear_free(n); BN_clear_free(challenge); + debug("RSA authentication accepted by server."); return 1; } /* Otherwise it should return failure. */ @@ -129,11 +135,7 @@ try_agent_authentication() packet_disconnect("Protocol error waiting RSA auth response: %d", type); } - - BN_clear_free(e); - BN_clear_free(n); BN_clear_free(challenge); - debug("RSA authentication using agent refused."); return 0; } |