*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.87 2001/12/05 10:06:13 deraadt Exp $");
-
-#include <openssl/bn.h>
-#include <openssl/md5.h>
-#include <openssl/dh.h>
-#include <openssl/hmac.h>
+RCSID("$OpenBSD: sshconnect2.c,v 1.95 2002/02/03 17:59:23 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
-#include "rsa.h"
#include "buffer.h"
#include "packet.h"
-#include "uidswap.h"
#include "compat.h"
#include "bufaux.h"
#include "cipher.h"
#include "kex.h"
#include "myproposal.h"
-#include "key.h"
#include "sshconnect.h"
#include "authfile.h"
#include "dh.h"
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (options.hostkeyalgorithms != NULL)
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
/* start key exchange */
int *batch_flag; /* flag in option struct that disables method */
};
-void input_userauth_success(int, int, void *);
-void input_userauth_failure(int, int, void *);
-void input_userauth_banner(int, int, void *);
-void input_userauth_error(int, int, void *);
-void input_userauth_info_req(int, int, void *);
-void input_userauth_pk_ok(int, int, void *);
+void input_userauth_success(int, u_int32_t, void *);
+void input_userauth_failure(int, u_int32_t, void *);
+void input_userauth_banner(int, u_int32_t, void *);
+void input_userauth_error(int, u_int32_t, void *);
+void input_userauth_info_req(int, u_int32_t, void *);
+void input_userauth_pk_ok(int, u_int32_t, void *);
int userauth_none(Authctxt *);
int userauth_pubkey(Authctxt *);
{
Authctxt authctxt;
int type;
- int plen;
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
packet_put_cstring("ssh-userauth");
packet_send();
packet_write_wait();
- type = packet_read(&plen);
+ type = packet_read();
if (type != SSH2_MSG_SERVICE_ACCEPT) {
fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
}
if (packet_remaining() > 0) {
- char *reply = packet_get_string(&plen);
+ char *reply = packet_get_string(NULL);
debug("service_accept: %s", reply);
xfree(reply);
} else {
debug("buggy server: service_accept w/o service");
}
- packet_done();
+ packet_check_eom();
debug("got SSH2_MSG_SERVICE_ACCEPT");
if (options.preferred_authentications == NULL)
}
}
void
-input_userauth_error(int type, int plen, void *ctxt)
+input_userauth_error(int type, u_int32_t seq, void *ctxt)
{
fatal("input_userauth_error: bad message during authentication: "
"type %d", type);
}
void
-input_userauth_banner(int type, int plen, void *ctxt)
+input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
char *msg, *lang;
debug3("input_userauth_banner");
xfree(lang);
}
void
-input_userauth_success(int type, int plen, void *ctxt)
+input_userauth_success(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
if (authctxt == NULL)
authctxt->success = 1; /* break out */
}
void
-input_userauth_failure(int type, int plen, void *ctxt)
+input_userauth_failure(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
char *authlist = NULL;
authlist = packet_get_string(NULL);
partial = packet_get_char();
- packet_done();
+ packet_check_eom();
if (partial != 0)
log("Authenticated with partial success.");
userauth(authctxt, authlist);
}
void
-input_userauth_pk_ok(int type, int plen, void *ctxt)
+input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
Key *key = NULL;
Buffer b;
- int alen, blen, sent = 0;
+ int pktype, alen, blen, sent = 0;
char *pkalg, *pkblob, *fp;
if (authctxt == NULL)
pkalg = packet_get_string(&alen);
pkblob = packet_get_string(&blen);
}
- packet_done();
+ packet_check_eom();
debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
debug("no last key or no sign cb");
break;
}
- if (key_type_from_name(pkalg) == KEY_UNSPEC) {
+ if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
debug("unknown pkalg %s", pkalg);
break;
}
debug("no key from blob. pkalg %s", pkalg);
break;
}
+ if (key->type != pktype) {
+ error("input_userauth_pk_ok: type mismatch "
+ "for decoded key (received %d, expected %d)",
+ key->type, pktype);
+ break;
+ }
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
debug2("input_userauth_pk_ok: fp %s", fp);
xfree(fp);
if (options.batch_mode)
return NULL;
snprintf(prompt, sizeof prompt,
- "Enter passphrase for key '%.100s': ", filename);
+ "Enter passphrase for key '%.100s': ", filename);
for (i = 0; i < options.number_of_password_prompts; i++) {
passphrase = read_passphrase(prompt, 0);
if (strcmp(passphrase, "") != 0) {
return -1;
/* private key is stored in external hardware */
- if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
+ if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
private = load_identity_file(options.identity_files[idx]);
* parse INFO_REQUEST, prompt user and send INFO_RESPONSE
*/
void
-input_userauth_info_req(int type, int plen, void *ctxt)
+input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
{
Authctxt *authctxt = ctxt;
char *name, *inst, *lang, *prompt, *response;
xfree(response);
xfree(prompt);
}
- packet_done(); /* done with parsing incoming message. */
+ packet_check_eom(); /* done with parsing incoming message. */
packet_add_padding(64);
packet_send();
}
}
-
-#define DELIM ","
-
static char *
authmethods_get(void)
{
Authmethod *method = NULL;
- char buf[1024];
+ Buffer b;
+ char *list;
- buf[0] = '\0';
+ buffer_init(&b);
for (method = authmethods; method->name != NULL; method++) {
if (authmethod_is_enabled(method)) {
- if (buf[0] != '\0')
- strlcat(buf, DELIM, sizeof buf);
- strlcat(buf, method->name, sizeof buf);
+ if (buffer_len(&b) > 0)
+ buffer_append(&b, ",", 1);
+ buffer_append(&b, method->name, strlen(method->name));
}
}
- return xstrdup(buf);
+ buffer_append(&b, "\0", 1);
+ list = xstrdup(buffer_ptr(&b));
+ buffer_free(&b);
+ return list;
}