*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.111 2000/04/27 08:01:28 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.119 2000/06/22 16:32:27 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
/* Saved arguments to main(). */
char **saved_argv;
+int saved_argc;
/*
* The sockets that the server is listening; this is used in the SIGHUP
{
log("Received signal %d; terminating.", sig);
close_listen_socks();
+ unlink(options.pid_file);
exit(255);
}
errno = save_errno;
}
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
void
sshd_exchange_identification(int sock_in, int sock_out)
{
/* Read other side\'s version identification. */
for (i = 0; i < sizeof(buf) - 1; i++) {
- if (read(sock_in, &buf[i], 1) != 1) {
+ if (atomicio(read, sock_in, &buf[i], 1) != 1) {
log("Did not receive ident string from %s.", get_remote_ipaddr());
fatal_cleanup();
}
destroy_sensitive_data(void)
{
/* Destroy the private and public keys. They will no longer be needed. */
- RSA_free(public_key);
- RSA_free(sensitive_data.private_key);
- RSA_free(sensitive_data.host_key);
+ if (public_key)
+ RSA_free(public_key);
+ if (sensitive_data.private_key)
+ RSA_free(sensitive_data.private_key);
+ if (sensitive_data.host_key)
+ RSA_free(sensitive_data.host_key);
if (sensitive_data.dsa_host_key != NULL)
key_free(sensitive_data.dsa_host_key);
}
int listen_sock, maxfd;
/* Save argv[0]. */
+ saved_argc = ac;
saved_argv = av;
if (strchr(av[0], '/'))
av0 = strrchr(av[0], '/') + 1;
}
if (options.protocol & SSH_PROTO_2) {
sensitive_data.dsa_host_key = key_new(KEY_DSA);
- if (!load_private_key(options.dsa_key_file, "", sensitive_data.dsa_host_key, NULL)) {
- error("Could not load DSA host key: %.200s", options.dsa_key_file);
+ if (!load_private_key(options.host_dsa_key_file, "", sensitive_data.dsa_host_key, NULL)) {
+
+ error("Could not load DSA host key: %.200s", options.host_dsa_key_file);
log("Disabling protocol version 2");
options.protocol &= ~SSH_PROTO_2;
}
* fail if there already is a daemon, and this will
* overwrite any old pid in the file.
*/
- f = fopen(SSH_DAEMON_PID_FILE, "w");
+ f = fopen(options.pid_file, "w");
if (f) {
fprintf(f, "%u\n", (unsigned int) getpid());
fclose(f);
int payload_len, dlen;
int slen;
unsigned int klen, kout;
- char *ptr;
unsigned char *signature = NULL;
unsigned char *server_host_key_blob = NULL;
unsigned int sbloblen;
unsigned char *hash;
Kex *kex;
char *cprop[PROPOSAL_MAX];
- char *sprop[PROPOSAL_MAX];
/* KEXINIT */
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
-
- debug("Sending KEX init.");
-
- for (i = 0; i < PROPOSAL_MAX; i++)
- sprop[i] = xstrdup(myproposal[i]);
- server_kexinit = kex_init(sprop);
- packet_start(SSH2_MSG_KEXINIT);
- packet_put_raw(buffer_ptr(server_kexinit), buffer_len(server_kexinit));
- packet_send();
- packet_write_wait();
-
- debug("done");
-
- packet_read_expect(&payload_len, SSH2_MSG_KEXINIT);
-
- /*
- * save raw KEXINIT payload in buffer. this is used during
- * computation of the session_id and the session keys.
- */
+ server_kexinit = kex_init(myproposal);
client_kexinit = xmalloc(sizeof(*client_kexinit));
buffer_init(client_kexinit);
- ptr = packet_get_raw(&payload_len);
- buffer_append(client_kexinit, ptr, payload_len);
- /* skip cookie */
- for (i = 0; i < 16; i++)
- (void) packet_get_char();
- /* save kex init proposal strings */
- for (i = 0; i < PROPOSAL_MAX; i++) {
- cprop[i] = packet_get_string(NULL);
- debug("got kexinit string: %s", cprop[i]);
- }
-
- i = (int) packet_get_char();
- debug("first kex follow == %d", i);
- i = packet_get_int();
- debug("reserved == %d", i);
-
- debug("done read kexinit");
- kex = kex_choose_conf(cprop, sprop, 1);
+ /* algorithm negotiation */
+ kex_exchange_kexinit(server_kexinit, client_kexinit, cprop);
+ kex = kex_choose_conf(cprop, myproposal, 1);
+ for (i = 0; i < PROPOSAL_MAX; i++)
+ xfree(cprop[i]);
/* KEXDH */
/* send server hostkey, DH pubkey 'f' and singed H */
packet_start(SSH2_MSG_KEXDH_REPLY);
packet_put_string((char *)server_host_key_blob, sbloblen);
- packet_put_bignum2(dh->pub_key); // f
+ packet_put_bignum2(dh->pub_key); /* f */
packet_put_string((char *)signature, slen);
packet_send();
xfree(signature);