- OpenBSD CVS updates.
[openssh.git] / sshconnect.c
index 675de61022020bc1da5023ff60a3888afb021f7d..bca0bf43afdb88fb56222ad208688ac3baa62c73 100644 (file)
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -250,7 +250,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                        debug("Trying again...");
 
                /* Loop through addresses for this host, and try each one in
-                  sequence until the connection succeeds. */
+                  sequence until the connection succeeds. */
                for (ai = aitop; ai; ai = ai->ai_next) {
                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
                                continue;
@@ -264,7 +264,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
                                host, ntop, strport);
 
                        /* Create a socket for connecting. */
-                       sock = ssh_create_socket(original_real_uid, 
+                       sock = ssh_create_socket(original_real_uid,
                            !anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
                            ai->ai_family);
                        if (sock < 0)
@@ -1059,7 +1059,7 @@ ssh_exchange_identification()
                        break;
                }
                /* FALLTHROUGH */
-       default: 
+       default:
                mismatch = 1;
                break;
        }
@@ -1363,13 +1363,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 
        debug("Sending KEX init.");
        if (options.ciphers != NULL) {
-               myproposal[PROPOSAL_ENC_ALGS_CTOS] = 
+               myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
        } else if (
            options.cipher == SSH_CIPHER_ARCFOUR ||
-            options.cipher == SSH_CIPHER_3DES_CBC ||
-            options.cipher == SSH_CIPHER_CAST128_CBC ||
-            options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+           options.cipher == SSH_CIPHER_3DES_CBC ||
+           options.cipher == SSH_CIPHER_CAST128_CBC ||
+           options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
                myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
        }
@@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        debug("first kex follow == %d", i);
        i = packet_get_int();
        debug("reserved == %d", i);
+       packet_done();
 
        debug("done read kexinit");
        kex = kex_choose_conf(cprop, sprop, 0);
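Review bot: The "first kex follow" value is only logged from `i`, which the next line overwrites with the reserved field, so by the time `packet_done()` runs it is gone. If a server sets that flag, the next packet is a guessed key-exchange message the client has to account for, and nothing visible here does. Saving it first, e.g. `first_kex_follows = i;` (a new local; the name is a suggestion), and calling `fatal()` when it is non-zero would make the unsupported case explicit. ssh_kex2 starts and ends outside the hunk, so handling elsewhere cannot be ruled out.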
@@ -1434,7 +1435,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        fprintf(stderr, "\npub= ");
        bignum_print(dh->pub_key);
        fprintf(stderr, "\n");
-        DHparams_print_fp(stderr, dh);
+       DHparams_print_fp(stderr, dh);
 #endif
 
        debug("Wait SSH2_MSG_KEXDH_REPLY.");
@@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 
        /* signed H */
        signature = packet_get_string(&slen);
+       packet_done();
 
        if (!dh_pub_is_valid(dh, dh_server_pub))
                packet_disconnect("bad server public DH value");
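Review bot: The signature read here is later passed to `dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);` in the hunk at `@@ -1502,10`, and on that line the return value is discarded. Unless dsa_verify itself aborts on a bad signature (its definition is not on this page), a server that fails to prove possession of the host key would still reach the SSH2_MSG_NEWKEYS exchange. Checking the result at the call closes that gap, assuming 1 means a valid signature: `if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1) fatal("dsa_verify failed for server_host_key");`. ssh_kex2 continues outside both hunks.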
@@ -1475,14 +1477,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        kout = DH_compute_key(kbuf, dh_server_pub, dh);
 #ifdef DEBUG_KEXDH
        debug("shared secret: len %d/%d", klen, kout);
-        fprintf(stderr, "shared secret == ");
-        for (i = 0; i< kout; i++)
-                fprintf(stderr, "%02x", (kbuf[i])&0xff);
-        fprintf(stderr, "\n");
+       fprintf(stderr, "shared secret == ");
+       for (i = 0; i< kout; i++)
+               fprintf(stderr, "%02x", (kbuf[i])&0xff);
+       fprintf(stderr, "\n");
 #endif
-        shared_secret = BN_new();
+       shared_secret = BN_new();
 
-        BN_bin2bn(kbuf, kout, shared_secret);
+       BN_bin2bn(kbuf, kout, shared_secret);
        memset(kbuf, 0, klen);
        xfree(kbuf);
 
@@ -1502,10 +1504,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
        xfree(client_kexinit);
        xfree(server_kexinit);
 #ifdef DEBUG_KEXDH
-        fprintf(stderr, "hash == ");
-        for (i = 0; i< 20; i++)
-                fprintf(stderr, "%02x", (hash[i])&0xff);
-        fprintf(stderr, "\n");
+       fprintf(stderr, "hash == ");
+       for (i = 0; i< 20; i++)
+               fprintf(stderr, "%02x", (hash[i])&0xff);
+       fprintf(stderr, "\n");
 #endif
        dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);
        key_free(server_host_key);
@@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 
        debug("Wait SSH2_MSG_NEWKEYS.");
        packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+       packet_done();
        debug("GOT SSH2_MSG_NEWKEYS.");
 
        debug("send SSH2_MSG_NEWKEYS.");
@@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
        char *server_user, *local_user;
        char *auths;
        char *password;
-       char *service = "ssh-connection";               // service name
+       char *service = "ssh-connection";               /* service name */
 
        debug("send SSH2_MSG_SERVICE_REQUEST");
        packet_start(SSH2_MSG_SERVICE_REQUEST);
@@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
        if (type != SSH2_MSG_SERVICE_ACCEPT) {
                fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
        }
-       /* payload empty for ssh-2.0.13 ?? */
-       /* reply = packet_get_string(&payload_len); */
+       if (packet_remaining() > 0) {
+               char *reply = packet_get_string(&plen);
+               debug("service_accept: %s", reply);
+               xfree(reply);
+       } else {
+               /* payload empty for ssh-2.0.13 ?? */
+               log("buggy server: service_accept w/o service");
+       }
+       packet_done();
        debug("got SSH2_MSG_SERVICE_ACCEPT");
 
        /*XX COMMONCODE: */
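Review bot: The service name returned in SSH2_MSG_SERVICE_ACCEPT is only passed to `debug("service_accept: %s", reply)` and then freed; it is never compared with the name the client asked for, so an accept naming a different service is treated as success. A check such as `if (strcmp(reply, requested_service) != 0) fatal("service_accept for unexpected service");` would fix that, with `requested_service` standing for whatever name the SERVICE_REQUEST above the hunk sent. The string is server-controlled and is logged unfiltered, so control characters in it may reach the user's terminal when debug output is enabled. `plen` is declared outside the hunk.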
@@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
                auths = packet_get_string(&dlen);
                debug("authentications that can continue: %s", auths);
                partial = packet_get_char();
+               packet_done();
                if (partial)
                        debug("partial success");
                if (strstr(auths, "password") == NULL)
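Review bot: `strstr(auths, "password") == NULL` is a substring test on what the protocol defines as a comma-separated method list. A list that only holds a longer method name containing "password" would still pass, and the client would go on to password authentication. Matching whole entries instead (split `auths` on `,` and `strcmp` each token with "password") avoids that. `auths` is server-controlled and is logged with `%s` before the check. The rest of the loop is outside the hunk, including whether `auths` is freed.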
@@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
                packet_send();
                packet_write_wait();
        }
+       packet_done();
        debug("ssh-userauth2 successfull");
 }
 
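Review bot: The `packet_done()` added after the closing brace has no comment saying which incoming packet it checks, and the read that precedes it is outside the hunk. If, as the debug message after it suggests, it validates the success reply, a comment such as `/* SSH2_MSG_USERAUTH_SUCCESS has no payload */` directly above it would say so. The debug string on the next line also misspells "successful".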