]> andersk Git - openssh.git/blobdiff - sshconnect2.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- jmc@cvs.openbsd.org 2006/07/18 07:56:28
[openssh.git] / sshconnect2.c
diff --git a/sshconnect2.c b/sshconnect2.c
index 60afd6d3db56cae985b1aaea449eb4d6ab591b8e..04ea8dfc1d71887a9c416bb01b5a1abba1b98414 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: sshconnect2.c,v 1.156 2006/07/11 20:07:25 stevesk Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -23,7 +24,12 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.139 2005/06/17 02:44:33 djm Exp $");
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+#include <errno.h>
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -49,6 +55,7 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.139 2005/06/17 02:44:33 djm Exp $");
 #include "canohost.h"
 #include "msg.h"
 #include "pathnames.h"
+#include "uidswap.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -101,10 +108,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
            compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
        if (options.compression) {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-               myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
+               myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
        } else {
                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-               myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
+               myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
        }
        if (options.macs != NULL) {
                myproposal[PROPOSAL_MAC_ALGS_CTOS] =
@@ -122,6 +129,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
        kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+       kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;
        kex->verify_host_key=&verify_host_key_callback;
@@ -352,7 +360,7 @@ void
 input_userauth_error(int type, u_int32_t seq, void *ctxt)
 {
        fatal("input_userauth_error: bad message during authentication: "
-          "type %d", type);
+           "type %d", type);
 }
 
 void
@@ -509,8 +517,10 @@ userauth_gssapi(Authctxt *authctxt)
                }
        }
 
-       if (!ok)
+       if (!ok) {
+               ssh_gssapi_delete_ctx(&gssctxt);
                return 0;
+       }
 
        authctxt->methoddata=(void *)gssctxt;
 
@@ -545,7 +555,8 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
        Authctxt *authctxt = ctxt;
        Gssctxt *gssctxt = authctxt->methoddata;
        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
-       gss_buffer_desc gssbuf, mic;
+       gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
+       gss_buffer_desc gssbuf;
        OM_uint32 status, ms, flags;
        Buffer b;
 
@@ -679,7 +690,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
 
        /* Stick it into GSSAPI and see what it says */
        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
-                                    &recv_tok, &send_tok, NULL);
+           &recv_tok, &send_tok, NULL);
 
        xfree(recv_tok.value);
        gss_release_buffer(&ms, &send_tok);
@@ -701,7 +712,7 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
 
        packet_check_eom();
 
-       debug("Server GSSAPI Error:\n%s\n", msg);
+       debug("Server GSSAPI Error:\n%s", msg);
        xfree(msg);
        xfree(lang);
 }
@@ -962,14 +973,16 @@ load_identity_file(char *filename)
 {
        Key *private;
        char prompt[300], *passphrase;
-       int quit, i;
+       int perm_ok, quit, i;
        struct stat st;
 
        if (stat(filename, &st) < 0) {
                debug3("no such identity: %s", filename);
                return NULL;
        }
-       private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
+       private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
+       if (!perm_ok)
+               return NULL;
        if (private == NULL) {
                if (options.batch_mode)
                        return NULL;
@@ -978,8 +991,8 @@ load_identity_file(char *filename)
                for (i = 0; i < options.number_of_password_prompts; i++) {
                        passphrase = read_passphrase(prompt, 0);
                        if (strcmp(passphrase, "") != 0) {
-                               private = key_load_private_type(KEY_UNSPEC, filename,
-                                   passphrase, NULL);
+                               private = key_load_private_type(KEY_UNSPEC,
+                                   filename, passphrase, NULL, NULL);
                                quit = 0;
                        } else {
                                debug2("no passphrase given, try next key");
@@ -1022,8 +1035,7 @@ pubkey_prepare(Authctxt *authctxt)
                if (key && key->type == KEY_RSA1)
                        continue;
                options.identity_keys[i] = NULL;
-               id = xmalloc(sizeof(*id));
-               memset(id, 0, sizeof(*id));
+               id = xcalloc(1, sizeof(*id));
                id->key = key;
                id->filename = xstrdup(options.identity_files[i]);
                TAILQ_INSERT_TAIL(&files, id, next);
@@ -1047,8 +1059,7 @@ pubkey_prepare(Authctxt *authctxt)
                                }
                        }
                        if (!found && !options.identities_only) {
-                               id = xmalloc(sizeof(*id));
-                               memset(id, 0, sizeof(*id));
+                               id = xcalloc(1, sizeof(*id));
                                id->key = key;
                                id->filename = comment;
                                id->ac = ac;
@@ -1244,8 +1255,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
                return -1;
        }
        if (pid == 0) {
-               seteuid(getuid());
-               setuid(getuid());
+               permanently_drop_suid(getuid());
                close(from[0]);
                if (dup2(from[1], STDOUT_FILENO) < 0)
                        fatal("ssh_keysign: dup2: %s", strerror(errno));
@@ -1325,12 +1335,11 @@ userauth_hostbased(Authctxt *authctxt)
        if (p == NULL) {
                error("userauth_hostbased: cannot get local ipaddr/name");
                key_free(private);
+               xfree(blob);
                return 0;
        }
        len = strlen(p) + 2;
-       chost = xmalloc(len);
-       strlcpy(chost, p, len);
-       strlcat(chost, ".", len);
+       xasprintf(&chost, "%s.", p);
        debug2("userauth_hostbased: chost %s", chost);
        xfree(p);
 
@@ -1363,6 +1372,7 @@ userauth_hostbased(Authctxt *authctxt)
                error("key_sign failed");
                xfree(chost);
                xfree(pkalg);
+               xfree(blob);
                return 0;
        }
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -1378,6 +1388,7 @@ userauth_hostbased(Authctxt *authctxt)
        xfree(signature);
        xfree(chost);
        xfree(pkalg);
+       xfree(blob);
 
        packet_send();
        return 1;
git-cvsimport mirror of OpenSSH
This page took 0.194367 seconds and 4 git commands to generate.