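/*
 * Report whether `authkey` appears in `login`'s ~/.ssh/authorized_keys.
 *
 * Recognised line formats: ssh v1 (line starts with a digit), "ssh-rsa"
 * and "ecdsa-sha2-nistp*". Any other line -- including keys that carry
 * leading options such as `command="..."` -- is silently ignored.
 *
 * Returns 1 on match, 0 when no line matches, -1 when the user is unknown,
 * the path does not fit, or the file cannot be opened.
 */
extern int match_user_openssh(EVP_PKEY *authkey, const char *login)
{
	char filename[PATH_MAX];
	char line[OPENSSH_LINE_MAX];
	struct passwd *pw;
	FILE *file;
	int found = 0;
	int n;

	pw = getpwnam(login);
	if (!pw || !pw->pw_dir)
		return -1;

	/* A truncated path would silently name the wrong file. */
	n = snprintf(filename, sizeof filename, "%s/.ssh/authorized_keys",
		     pw->pw_dir);
	if (n < 0 || (size_t)n >= sizeof filename)
		return -1;

	/* NOTE(review): pw_dir and the file under it are user-controlled; if
	 * this runs with privilege, the caller should consider ownership /
	 * symlink checks on the path. None are done here. */
	file = fopen(filename, "r");
	if (!file)
		return -1;

	while (!found && fgets(line, sizeof line, file)) {
		EVP_PKEY *key = NULL;
		char *cp;

		/* A line longer than the buffer is discarded whole, so its
		 * tail is not parsed as a separate key on the next iteration.
		 * A final line without a trailing newline is still processed. */
		if (!strchr(line, '\n')) {
			int c = getc(file);
			if (c != EOF && c != '\n') {
				while (c != EOF && c != '\n')
					c = getc(file);
				continue;
			}
		}

		/* Skip leading whitespace, empty and comment lines. */
		for (cp = line; *cp == ' ' || *cp == '\t'; cp++) {
		}
		if (!*cp || *cp == '\n' || *cp == '#')
			continue;

		if (*cp >= '0' && *cp <= '9') {
			/* ssh v1 key format */
			key = ssh1_line_to_key(cp);
		} else if (strncmp("ssh-rsa", cp, 7) == 0) {
			/* ssh v2 rsa key format. Prefix match only; the parser
			 * is presumably responsible for the full type token. */
			key = ssh2_line_to_key(cp);
		} else if (strncmp("ecdsa-sha2-nistp", cp, 16) == 0) {
			/* ssh nistp256/384/521 key */
			key = ssh_nistp_line_to_key(cp);
		}
		if (key == NULL)
			continue;

		/* EVP_PKEY_cmp(): 1 = same public key, 0 = differ, negative =
		 * type mismatch or unsupported. Only an exact 1 is a match. */
		if (EVP_PKEY_cmp(authkey, key) == 1)
			found = 1;
		EVP_PKEY_free(key);
	}

	fclose(file);
	return found;
}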
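/*
 * Report whether the public key of X.509 certificate `x509` appears in
 * `login`'s ~/.ssh/authorized_keys.
 *
 * Only ssh v1 (line starts with a digit) and "ssh-rsa" lines are
 * considered, so a certificate carrying a non-RSA key never matches here
 * (match_user_openssh() additionally handles ecdsa-sha2-nistp* lines).
 *
 * Returns 1 on match; 0 when no line matches or the certificate has no
 * public key; -1 when the user is unknown, the path does not fit, or the
 * file cannot be opened.
 */
extern int match_user(X509 *x509, const char *login)
{
	char filename[PATH_MAX];
	char line[OPENSSH_LINE_MAX];
	struct passwd *pw;
	FILE *file;
	EVP_PKEY *authkey;
	int found = 0;
	int n;

	/* X509_get_pubkey() hands back a reference we own; it is released on
	 * every exit path via `out`. */
	authkey = X509_get_pubkey(x509);
	if (!authkey)
		return 0;

	pw = getpwnam(login);
	if (!pw || !pw->pw_dir) {
		found = -1;
		goto out;
	}

	/* A truncated path would silently name the wrong file. */
	n = snprintf(filename, sizeof filename, "%s/.ssh/authorized_keys",
		     pw->pw_dir);
	if (n < 0 || (size_t)n >= sizeof filename) {
		found = -1;
		goto out;
	}

	/* NOTE(review): pw_dir and the file under it are user-controlled; if
	 * this runs with privilege, the caller should consider ownership /
	 * symlink checks on the path. None are done here. */
	file = fopen(filename, "r");
	if (!file) {
		found = -1;
		goto out;
	}

	/* Compare each key as it is read instead of collecting them first:
	 * nothing outlives the iteration, so nothing can leak. */
	while (!found && fgets(line, sizeof line, file)) {
		EVP_PKEY *key = NULL;
		char *cp;

		/* A line longer than the buffer is discarded whole, so its
		 * tail is not parsed as a separate key on the next iteration.
		 * A final line without a trailing newline is still processed. */
		if (!strchr(line, '\n')) {
			int c = getc(file);
			if (c != EOF && c != '\n') {
				while (c != EOF && c != '\n')
					c = getc(file);
				continue;
			}
		}

		/* Skip leading whitespace, empty and comment lines. The test
		 * must sit outside the scan loop, braced, or it becomes the
		 * loop body and never fires. */
		for (cp = line; *cp == ' ' || *cp == '\t'; cp++) {
		}
		if (!*cp || *cp == '\n' || *cp == '#')
			continue;

		if (*cp >= '0' && *cp <= '9') {
			/* ssh v1 key format */
			key = ssh1_line_to_key(cp);
		} else if (strncmp("ssh-rsa", cp, 7) == 0) {
			/* ssh v2 rsa key format. Prefix match only; the parser
			 * is presumably responsible for the full type token. */
			key = ssh2_line_to_key(cp);
		}
		if (key == NULL)
			continue;

		/* EVP_PKEY_cmp() compares the public components (n and e for
		 * RSA) and returns a negative value on a type mismatch, so a
		 * non-RSA certificate key cannot match. This avoids reaching
		 * into the RSA struct, which is opaque since OpenSSL 1.1.0,
		 * and matches how match_user_openssh() compares keys. */
		if (EVP_PKEY_cmp(authkey, key) == 1)
			found = 1;
		EVP_PKEY_free(key);
	}

	fclose(file);
out:
	EVP_PKEY_free(authkey);
	return found;
}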