#include "includes.h"
RCSID("$Id$");
+#include <poll.h>
+
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
int remote_major, remote_minor;
int silentrsa = 0;
+ struct pollfd fds;
struct sockaddr_in sin;
char buf[100]; /* Must not be larger than remote_version. */
char remote_version[100]; /* Must be at least as big as buf. */
for (;;) {
if (received_sighup)
sighup_restart();
- /* Wait in accept until there is a connection. */
+ /* Wait in poll until there is a connection. */
+ memset(&fds, 0, sizeof(fds));
+ fds.fd = listen_sock;
+ fds.events = POLLIN;
+ if (poll(&fds, 1, -1) == -1) {
+ if (errno == EINTR)
+ continue;
+ fatal("poll: %.100s", strerror(errno));
+ /*NOTREACHED*/
+ }
+ if (fds.revents == 0)
+ continue;
aux = sizeof(sin);
newsock = accept(listen_sock, (struct sockaddr *) & sin, &aux);
if (received_sighup)
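Review bot: The `fds.revents == 0` test after poll() does not separate a readable listener from an error condition. With one descriptor and an infinite timeout, a successful return already implies revents is non-zero, so POLLERR, POLLHUP and POLLNVAL all fall through to accept(). Testing the requested bit, `if (!(fds.revents & POLLIN))`, and logging or failing on POLLNVAL instead of looping would keep a bad listen_sock from becoming a tight poll/accept loop. Whether that loop can actually occur depends on the accept() error handling, which lies outside this hunk.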
unsigned char check_bytes[8];
char *user;
unsigned int cipher_type, auth_mask, protocol_flags;
- int plen, slen;
+ int plen, slen, ulen;
u_int32_t rand = 0;
/*
/* Read clients reply (cipher type and session key). */
packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
- /* Get cipher type. */
+ /* Get cipher type and check whether we accept this. */
cipher_type = packet_get_char();
+ if (!(cipher_mask() & (1 << cipher_type)))
+ packet_disconnect("Warning: client selects unsupported cipher.");
+
/* Get check bytes from the packet. These must match those we
sent earlier with the public key packet. */
for (i = 0; i < 8; i++)
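Review bot: The shift count in `1 << cipher_type` comes straight from the client. packet_get_char() presumably yields a byte, so values up to 255 can reach the shift, and shifting an int by its width or more is undefined behaviour in C. On hardware that masks the shift count, an out-of-range value could alias a permitted cipher bit and pass this check. Bound the value first, e.g. `if (cipher_type >= sizeof(int) * 8 || !(cipher_mask() & (1U << cipher_type)))`, adjusting the width to whatever type cipher_mask() returns, which is not visible here.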
packet_read_expect(&plen, SSH_CMSG_USER);
/* Get the user name. */
- {
- int ulen;
- user = packet_get_string(&ulen);
- packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
- }
+ user = packet_get_string(&ulen);
+ packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
/* Destroy the private and public keys. They will no longer be needed. */
RSA_free(public_key);
#ifdef SKEY
int dlen;
char *password, *skeyinfo;
- if (options.password_authentication &&
- options.skey_authentication == 1 &&
- type == SSH_CMSG_AUTH_PASSWORD &&
- (password = packet_get_string(&dlen)) != NULL &&
- dlen == 5 &&
- strncasecmp(password, "s/key", 5) == 0 &&
+ /* Try to send a fake s/key challenge. */
+ if (options.skey_authentication == 1 &&
(skeyinfo = skey_fake_keyinfo(user)) != NULL) {
- /* Send a fake s/key challenge. */
- packet_send_debug(skeyinfo);
+ if (type == SSH_CMSG_AUTH_TIS) {
+ packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+ packet_put_string(skeyinfo, strlen(skeyinfo));
+ packet_send();
+ packet_write_wait();
+ continue;
+ } else if (type == SSH_CMSG_AUTH_PASSWORD &&
+ options.password_authentication &&
+ (password = packet_get_string(&dlen)) != NULL &&
+ dlen == 5 &&
+ strncasecmp(password, "s/key", 5) == 0 ) {
+ packet_send_debug(skeyinfo);
+ }
}
#endif
if (attempt > AUTH_FAIL_MAX)
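Review bot: The `continue` in the SSH_CMSG_AUTH_TIS branch jumps past the `if (attempt > AUTH_FAIL_MAX)` check that follows `#endif`, so a client that only sends TIS requests is never tested against that limit on this path. The fake challenge exists to make an unknown user look like a real one, so any difference from the real authentication loop here, such as a missing attempt limit or a different reply sequence, is an observable signal. Moving the existing `attempt > AUTH_FAIL_MAX` check above the `#ifdef SKEY` block, or repeating it before the `continue`, would close the gap. The loop header and the rest of the body are outside the hunk, so how `attempt` is advanced is not visible.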
screen = packet_get_int();
else
screen = 0;
- display = x11_create_display_inet(screen);
+ display = x11_create_display_inet(screen, options.x11_display_offset);
if (!display)
goto fail;