author | Damien Miller <djm@mindrot.org> | 1999-11-25 11:54:57 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-25 11:54:57 +1100 |
commit | 5428f646ad32da88ddd04a8c287d595524674fbf (patch) | |
tree | cc1f1e5d7852e1f44d41077f776abf7dab7ac06d /auth-rsa.c | |
parent | 9072e1889648988da38b7b81bce95291c1dc3a23 (diff) | |
download | openssh-git-5428f646ad32da88ddd04a8c287d595524674fbf.tar.gz |
- More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
- [channels.c]
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write fails in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 95 |
1 files changed, 54 insertions, 41 deletions
@@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.9 1999/11/24 13:26:21 damien Exp $"); +RCSID("$Id: auth-rsa.c,v 1.10 1999/11/25 00:54:57 damien Exp $"); #include "rsa.h" #include "packet.h" @@ -43,22 +43,27 @@ extern int no_pty_flag; extern char *forced_command; extern struct envstring *custom_environment; -/* Session identifier that is used to bind key exchange and authentication - responses to a particular session. */ +/* + * Session identifier that is used to bind key exchange and authentication + * responses to a particular session. + */ extern unsigned char session_id[16]; -/* The .ssh/authorized_keys file contains public keys, one per line, in the - following format: - options bits e n comment - where bits, e and n are decimal numbers, - and comment is any string of characters up to newline. The maximum - length of a line is 8000 characters. See the documentation for a - description of the options. -*/ +/* + * The .ssh/authorized_keys file contains public keys, one per line, in the + * following format: + * options bits e n comment + * where bits, e and n are decimal numbers, + * and comment is any string of characters up to newline. The maximum + * length of a line is 8000 characters. See the documentation for a + * description of the options. + */ -/* Performs the RSA authentication challenge-response dialog with the client, - and returns true (non-zero) if the client gave the correct answer to - our challenge; returns zero if the client gives a wrong answer. */ +/* + * Performs the RSA authentication challenge-response dialog with the client, + * and returns true (non-zero) if the client gave the correct answer to + * our challenge; returns zero if the client gives a wrong answer. + */ int auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) 
@@ -128,9 +133,11 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) return 1; } -/* Performs the RSA authentication dialog with the client. This returns - 0 if the client could not be authenticated, and 1 if authentication was - successful. This may exit if there is a serious protocol violation. */ +/* + * Performs the RSA authentication dialog with the client. This returns + * 0 if the client could not be authenticated, and 1 if authentication was + * successful. This may exit if there is a serious protocol violation. + */ int auth_rsa(struct passwd *pw, BIGNUM *client_n) @@ -204,30 +211,32 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Flag indicating whether authentication has succeeded. */ authenticated = 0; - /* Initialize mp-int variables. */ e = BN_new(); n = BN_new(); - /* Go though the accepted keys, looking for the current key. If - found, perform a challenge-response dialog to verify that the - user really has the corresponding private key. */ + /* + * Go though the accepted keys, looking for the current key. If + * found, perform a challenge-response dialog to verify that the + * user really has the corresponding private key. + */ while (fgets(line, sizeof(line), f)) { char *cp; char *options; linenum++; - /* Skip leading whitespace. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++); - - /* Skip empty and comment lines. */ + /* Skip leading whitespace, empty and comment lines. */ + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) + ; if (!*cp || *cp == '\n' || *cp == '#') continue; - /* Check if there are options for this key, and if so, - save their starting address and skip the option part - for now. If there are no options, set the starting - address to NULL. */ + /* + * Check if there are options for this key, and if so, + * save their starting address and skip the option part + * for now. If there are no options, set the starting + * address to NULL. + */ if (*cp < '0' || *cp > '9') { int quoted = 0; options = cp; 
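Review bot: In the `while (fgets(line, sizeof(line), f))` loop of the @@ -204 hunk, nothing visible checks whether a line was truncated, so the tail of an entry longer than the buffer would come back from the next fgets() call and be parsed as a separate key entry, with `linenum` drifting as well. Since this file decides who may log in, I would skip over-long entries explicitly: test `strchr(line, '\n') == NULL && !feof(f)` right after `linenum++`, drain the rest of that physical line, and `continue`. The loop body continues outside the hunk, so a later check may exist that is not shown here. Separately, the reflowed comment keeps the typo `Go though the accepted keys`; it should read `Go through`.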
@@ -258,7 +267,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Check if the we have found the desired key (identified by its modulus). */ if (BN_cmp(n, client_n) != 0) - continue; /* Wrong key. */ + continue; /* We have found the desired key. */ @@ -269,10 +278,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) packet_send_debug("Wrong response to RSA authentication challenge."); continue; } - /* Correct response. The client has been successfully - authenticated. Note that we have not yet processed the - options; this will be reset if the options cause the - authentication to be rejected. */ + /* + * Correct response. The client has been successfully + * authenticated. Note that we have not yet processed the + * options; this will be reset if the options cause the + * authentication to be rejected. + */ authenticated = 1; /* RSA part of authentication was accepted. Now process the options. */ @@ -412,7 +423,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) goto next_option; } bad_option: - /* Unknown option. */ log("Bad options in %.100s file, line %lu: %.50s", SSH_USER_PERMITTED_KEYS, linenum, options); packet_send_debug("Bad options in %.100s file, line %lu: %.50s", @@ -421,12 +431,14 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) break; next_option: - /* Skip the comma, and move to the next option - (or break out if there are no more). */ + /* + * Skip the comma, and move to the next option + * (or break out if there are no more). + */ if (!*options) fatal("Bugs in auth-rsa.c option processing."); if (*options == ' ' || *options == '\t') - break; /* End of options. */ + break; /* End of options. */ if (*options != ',') goto bad_option; options++; @@ -434,8 +446,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) continue; } } - /* Break out of the loop if authentication was successful; - otherwise continue searching. */ + /* + * Break out of the loop if authentication was successful; + * otherwise continue searching. + */ if (authenticated) break; } 
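Review bot: The reflowed comment in the @@ -269 hunk documents that `authenticated = 1` is set before the key's options are parsed and has to be reset by any option that rejects the login, so the result depends on every rejecting path remembering to clear the flag. A fail-closed shape would track the option result in a local such as `int options_ok = 1;`, clear it on any bad or denying option, and assign `authenticated = 1` only after the option loop finishes cleanly. In the @@ -412 and @@ -421 hunks the reset at `bad_option:` is not visible between `packet_send_debug(...)` and `break;`, and the commit drops the `/* Unknown option. */` comment there. If the lines hidden between the hunks do clear the flag, I would say so at the label, e.g. `/* Unknown option: authentication is rejected for this key. */`. auth_rsa() starts and ends outside these hunks.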
@@ -446,7 +460,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Close the file. */ fclose(f); - /* Clear any mp-int variables. */ BN_clear_free(n); BN_clear_free(e); |