*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.102 2002/05/25 08:50:39 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
/* start key exchange */
kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
packet_send();
packet_write_wait();
#endif
- debug("done: ssh_kex2.");
}
/*
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
- debug("send SSH2_MSG_SERVICE_REQUEST");
packet_start(SSH2_MSG_SERVICE_REQUEST);
packet_put_cstring("ssh-userauth");
packet_send();
+ debug("SSH2_MSG_SERVICE_REQUEST sent");
packet_write_wait();
type = packet_read();
- if (type != SSH2_MSG_SERVICE_ACCEPT) {
- fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
- }
+ if (type != SSH2_MSG_SERVICE_ACCEPT)
+ fatal("Server denied authentication request: %d", type);
if (packet_remaining() > 0) {
char *reply = packet_get_string(NULL);
- debug("service_accept: %s", reply);
+ debug2("service_accept: %s", reply);
xfree(reply);
} else {
- debug("buggy server: service_accept w/o service");
+ debug2("buggy server: service_accept w/o service");
}
packet_check_eom();
- debug("got SSH2_MSG_SERVICE_ACCEPT");
+ debug("SSH2_MSG_SERVICE_ACCEPT received");
if (options.preferred_authentications == NULL)
options.preferred_authentications = authmethods_get();
if (authctxt.agent != NULL)
ssh_close_authentication_connection(authctxt.agent);
- debug("ssh-userauth2 successful: method %s", authctxt.method->name);
+ debug("Authentication succeeded (%s).", authctxt.method->name);
}
void
userauth(Authctxt *authctxt, char *authlist)
}
}
}
+
void
input_userauth_error(int type, u_int32_t seq, void *ctxt)
{
fatal("input_userauth_error: bad message during authentication: "
"type %d", type);
}
+
void
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
xfree(msg);
xfree(lang);
}
+
void
input_userauth_success(int type, u_int32_t seq, void *ctxt)
{
clear_auth_state(authctxt);
authctxt->success = 1; /* break out */
}
+
void
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
{
if (partial != 0)
log("Authenticated with partial success.");
- debug("authentications that can continue: %s", authlist);
+ debug("Authentications that can continue: %s", authlist);
clear_auth_state(authctxt);
userauth(authctxt, authlist);
}
packet_check_eom();
- debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
+ debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d",
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
do {
if (key->type != pktype) {
error("input_userauth_pk_ok: type mismatch "
"for decoded key (received %d, expected %d)",
- key->type, pktype);
+ key->type, pktype);
break;
}
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
clear_auth_state(authctxt);
dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
- /* try another method if we did not send a packet*/
+ /* try another method if we did not send a packet */
if (sent == 0)
userauth(authctxt, NULL);
packet_add_padding(64);
packet_send();
- dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
+ dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
&input_userauth_passwd_changereq);
return 1;
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(1); /* additional info */
- snprintf(prompt, sizeof(prompt),
+ snprintf(prompt, sizeof(prompt),
"Enter %.30s@%.128s's old password: ",
authctxt->server_user, authctxt->host);
password = read_passphrase(prompt, 0);
xfree(password);
password = NULL;
while (password == NULL) {
- snprintf(prompt, sizeof(prompt),
+ snprintf(prompt, sizeof(prompt),
"Enter %.30s@%.128s's new password: ",
authctxt->server_user, authctxt->host);
password = read_passphrase(prompt, RP_ALLOW_EOF);
/* bail out */
return;
}
- snprintf(prompt, sizeof(prompt),
+ snprintf(prompt, sizeof(prompt),
"Retype %.30s@%.128s's new password: ",
authctxt->server_user, authctxt->host);
retype = read_passphrase(prompt, 0);
xfree(password);
packet_add_padding(64);
packet_send();
-
- dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
+
+ dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
&input_userauth_passwd_changereq);
}
if (k == NULL) {
debug2("userauth_pubkey_agent: no more keys");
} else {
- debug("userauth_pubkey_agent: testing agent key %s", comment);
+ debug("Offering agent key: %s", comment);
xfree(comment);
ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
if (ret == 0)
key = options.identity_keys[idx];
filename = options.identity_files[idx];
if (key == NULL) {
- debug("try privkey: %s", filename);
+ debug("Trying private key: %s", filename);
key = load_identity_file(filename);
if (key != NULL) {
sent = sign_and_send_pubkey(authctxt, key,
key_free(key);
}
} else if (key->type != KEY_RSA1) {
- debug("try pubkey: %s", filename);
+ debug("Offering public key: %s", filename);
sent = send_pubkey_test(authctxt, key,
identity_sign_cb, idx);
}
}
static int
-ssh_keysign(
- Key *key,
- u_char **sigp, u_int *lenp,
+ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
u_char *data, u_int datalen)
{
Buffer b;
struct stat st;
pid_t pid;
- int to[2], from[2], status, version = 1;
+ int to[2], from[2], status, version = 2;
- debug("ssh_keysign called");
+ debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
error("ssh_keysign: no installed: %s", strerror(errno));
close(to[1]);
if (dup2(to[0], STDIN_FILENO) < 0)
fatal("ssh_keysign: dup2: %s", strerror(errno));
+ close(from[1]);
+ close(to[0]);
execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0);
fatal("ssh_keysign: exec(%s): %s", _PATH_SSH_KEY_SIGN,
strerror(errno));
close(to[0]);
buffer_init(&b);
+ buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
buffer_put_string(&b, data, datalen);
- msg_send(to[1], version, &b);
+ ssh_msg_send(to[1], version, &b);
- if (msg_recv(from[0], &b) < 0) {
+ if (ssh_msg_recv(from[0], &b) < 0) {
error("ssh_keysign: no reply");
buffer_clear(&b);
return -1;
close(from[0]);
close(to[1]);
- while (waitpid(pid, &status, 0) < 0)
- if (errno != EINTR)
- break;
+ while (waitpid(pid, &status, 0) < 0)
+ if (errno != EINTR)
+ break;
if (buffer_get_char(&b) != version) {
error("ssh_keysign: bad version");
}
}
if (!found) {
- debug("userauth_hostbased: no more client hostkeys");
+ debug("No more client hostkeys for hostbased authentication.");
return 0;
}
if (key_to_blob(private, &blob, &blen) == 0) {
strlcpy(chost, p, len);
strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost);
+ xfree(p);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
static Authmethod *current = NULL;
static char *supported = NULL;
static char *preferred = NULL;
+
/*
* Given the authentication method list sent by the server, return the
* next method we should try. If the server initially sends a nil list,
static Authmethod *
authmethod_get(char *authlist)
{
-
char *name = NULL;
u_int next;
for (;;) {
if ((name = match_list(preferred, supported, &next)) == NULL) {
- debug("no more auth methods to try");
+ debug("No more authentication methods to try.");
current = NULL;
return NULL;
}
if ((current = authmethod_lookup(name)) != NULL &&
authmethod_is_enabled(current)) {
debug3("authmethod_is_enabled %s", name);
- debug("next auth method to try is %s", name);
+ debug("Next authentication method: %s", name);
return current;
}
}
andersk / openssh.git / blobdiff