authorDamien Miller <djm@mindrot.org>2000-03-26 13:04:51 +1000
committerDamien Miller <djm@mindrot.org>2000-03-26 13:04:51 +1000
commit450a7a1ff40fe7c2d84c93b83cf2df53445d807d (patch)
treedb6d08bdea65edd34ba2e323a31e2b1ca5e5fbd4 /sshconnect.c
parent2c9279fa667827384fceb243f890cba1dbe480de (diff)
- OpenBSD CVS update
- [auth-krb4.c] -Wall - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c] [match.h ssh.c ssh.h sshconnect.c sshd.c] initial support for DSA keys. ok deraadt@, niels@ - [cipher.c cipher.h] remove unused cipher_attack_detected code - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] Fix some formatting problems I missed before. - [ssh.1 sshd.8] fix spelling errors, From: FreeBSD - [ssh.c] switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c72
1 files changed, 35 insertions, 37 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 910548fa..d64c0e2c 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -8,15 +8,19 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.57 2000/03/16 20:56:14 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.58 2000/03/23 22:15:33 markus Exp $");
#ifdef HAVE_OPENSSL
-#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
#include <openssl/md5.h>
+#include <openssl/bn.h>
#endif
#ifdef HAVE_SSL
-#include <ssl/bn.h>
+#include <ssl/rsa.h>
+#include <ssl/dsa.h>
#include <ssl/md5.h>
+#include <ssl/bn.h>
#endif
#include "xmalloc.h"
@@ -29,7 +33,8 @@ RCSID("$OpenBSD: sshconnect.c,v 1.57 2000/03/16 20:56:14 markus Exp $");
#include "uidswap.h"
#include "compat.h"
#include "readconf.h"
-#include "fingerprint.h"
+#include "key.h"
+#include "hostfile.h"
/* Session id for the current session. */
unsigned char session_id[16];
@@ -1073,9 +1078,9 @@ read_yes_or_no(const char *prompt, int defval)
*/
void
-check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
+check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
{
- RSA *file_key;
+ Key *file_key;
char *ip = NULL;
char hostline[1000], *hostp;
HostStatus host_status;
@@ -1129,47 +1134,34 @@ check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
* Store the host key from the known host file in here so that we can
* compare it with the key for the IP address.
*/
- file_key = RSA_new();
- file_key->n = BN_new();
- file_key->e = BN_new();
+ file_key = key_new(host_key->type);
/*
* Check if the host key is present in the user\'s list of known
* hosts or in the systemwide list.
*/
- host_status = check_host_in_hostfile(options.user_hostfile, host,
- host_key->e, host_key->n,
- file_key->e, file_key->n);
+ host_status = check_host_in_hostfile(options.user_hostfile, host, host_key, file_key);
if (host_status == HOST_NEW)
- host_status = check_host_in_hostfile(options.system_hostfile, host,
- host_key->e, host_key->n,
- file_key->e, file_key->n);
+ host_status = check_host_in_hostfile(options.system_hostfile, host, host_key, file_key);
/*
* Also perform check for the ip address, skip the check if we are
* localhost or the hostname was an ip address to begin with
*/
if (options.check_host_ip && !local && strcmp(host, ip)) {
- RSA *ip_key = RSA_new();
- ip_key->n = BN_new();
- ip_key->e = BN_new();
- ip_status = check_host_in_hostfile(options.user_hostfile, ip,
- host_key->e, host_key->n,
- ip_key->e, ip_key->n);
+ Key *ip_key = key_new(host_key->type);
+ ip_status = check_host_in_hostfile(options.user_hostfile, ip, host_key, ip_key);
if (ip_status == HOST_NEW)
- ip_status = check_host_in_hostfile(options.system_hostfile, ip,
- host_key->e, host_key->n,
- ip_key->e, ip_key->n);
+ ip_status = check_host_in_hostfile(options.system_hostfile, ip, host_key, ip_key);
if (host_status == HOST_CHANGED &&
- (ip_status != HOST_CHANGED ||
- (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
+ (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
host_ip_differ = 1;
- RSA_free(ip_key);
+ key_free(ip_key);
} else
ip_status = host_status;
- RSA_free(file_key);
+ key_free(file_key);
switch (host_status) {
case HOST_OK:
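Review bot: Both `file_key` and `ip_key` are created with `key_new(host_key->type)`, so the known-hosts lookup in this hunk is now tied to the type of the key the server presented. If `check_host_in_hostfile` only matches entries of that type (its body is in hostfile.c and not shown here), a host already recorded with a key of another type would come back as `HOST_NEW` rather than `HOST_CHANGED`, and the user would get the first-contact prompt instead of the changed-key warning. That behaviour should at least be stated where the keys are allocated, e.g. `/* lookup is per key type; an entry of another type for this host is not reported as HOST_CHANGED */`, and handled explicitly once DSA host keys are actually offered. check_host_key begins and ends outside this hunk.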
@@ -1177,8 +1169,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
debug("Host '%.200s' is known and matches the host key.", host);
if (options.check_host_ip) {
if (ip_status == HOST_NEW) {
- if (!add_host_to_hostfile(options.user_hostfile, ip,
- host_key->e, host_key->n))
+ if (!add_host_to_hostfile(options.user_hostfile, ip, host_key))
log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).",
ip, options.user_hostfile);
else
@@ -1198,12 +1189,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
} else if (options.strict_host_key_checking == 2) {
/* The default */
char prompt[1024];
- char *fp = fingerprint(host_key->e, host_key->n);
+ char *fp = key_fingerprint(host_key);
snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s' can't be established.\n"
- "Key fingerprint is %d %s.\n"
+ "Key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)? ",
- host, BN_num_bits(host_key->n), fp);
+ host, fp);
if (!read_yes_or_no(prompt, -1))
fatal("Aborted by user!\n");
}
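Review bot: The new prompt drops the key size that the old `%d` printed and does not say what kind of key is being offered, so a user comparing the fingerprint with one obtained out of band has less to go on now that more than one key type exists. Consider naming the type in the message, e.g. `"%s key fingerprint is %s.\n"` with a type string chosen from `host_key->type`. Separately, nothing in this hunk shows whether the string returned by `key_fingerprint()` is static or allocated, and `fp` is not freed here; a one-line comment such as `/* fp is owned by key_fingerprint(), do not free */` (if that is the contract) would settle it. The enclosing branch of check_host_key continues outside the hunk.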
@@ -1214,8 +1205,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
hostp = host;
/* If not in strict mode, add the key automatically to the local known_hosts file. */
- if (!add_host_to_hostfile(options.user_hostfile, hostp,
- host_key->e, host_key->n))
+ if (!add_host_to_hostfile(options.user_hostfile, hostp, host_key))
log("Failed to add the host to the list of known hosts (%.500s).",
options.user_hostfile);
else
@@ -1283,6 +1273,14 @@ check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
if (options.check_host_ip)
xfree(ip);
}
+void
+check_rsa_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
+{
+ Key k;
+ k.type = KEY_RSA;
+ k.rsa = host_key;
+ check_host_key(host, hostaddr, &k);
+}
/*
* SSH1 key exchange
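Review bot: `Key k` in check_rsa_host_key is an uninitialised automatic struct with only `type` and `rsa` assigned, so any other member of `Key` (its definition is in key.h, not shown here) holds an indeterminate value when `&k` is handed to check_host_key. Zeroing it first, `memset(&k, 0, sizeof(k));`, keeps any helper that inspects another member from reading garbage. The wrapper also deserves a short comment saying that `k` only borrows `host_key` and lives on the stack, so check_host_key must neither retain the pointer nor call `key_free()` on it.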
@@ -1358,7 +1356,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
SSH_SMSG_PUBLIC_KEY);
- check_host_key(host, hostaddr, host_key);
+ check_rsa_host_key(host, hostaddr, host_key);
client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
@@ -1617,7 +1615,6 @@ ssh_userauth(int host_key_valid, RSA *own_host_key,
fatal("Permission denied.");
/* NOTREACHED */
}
-
/*
* Starts a dialog with the server, and authenticates the current user on the
* server. This does not need any extra privileges. The basic connection
@@ -1648,6 +1645,7 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
ssh_kex(host, hostaddr);
if (supported_authentications == 0)
fatal("supported_authentications == 0.");
+
/* authenticate user */
ssh_userauth(host_key_valid, own_host_key, original_real_uid, host);
}