*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.115 2003/04/02 09:48:07 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
xxx_hostaddr = hostaddr;
if (options.ciphers == (char *)-1) {
- log("No valid ciphers for protocol version 2 given, using defaults.");
+ logit("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
+ if (options.rekey_limit)
+ packet_set_rekey_limit(options.rekey_limit);
+
/* start key exchange */
kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
packet_send();
packet_write_wait();
#endif
- debug("done: ssh_kex2.");
}
/*
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
- debug("send SSH2_MSG_SERVICE_REQUEST");
packet_start(SSH2_MSG_SERVICE_REQUEST);
packet_put_cstring("ssh-userauth");
packet_send();
+ debug("SSH2_MSG_SERVICE_REQUEST sent");
packet_write_wait();
type = packet_read();
- if (type != SSH2_MSG_SERVICE_ACCEPT) {
- fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
- }
+ if (type != SSH2_MSG_SERVICE_ACCEPT)
+ fatal("Server denied authentication request: %d", type);
if (packet_remaining() > 0) {
char *reply = packet_get_string(NULL);
- debug("service_accept: %s", reply);
+ debug2("service_accept: %s", reply);
xfree(reply);
} else {
- debug("buggy server: service_accept w/o service");
+ debug2("buggy server: service_accept w/o service");
}
packet_check_eom();
- debug("got SSH2_MSG_SERVICE_ACCEPT");
+ debug("SSH2_MSG_SERVICE_ACCEPT received");
if (options.preferred_authentications == NULL)
options.preferred_authentications = authmethods_get();
if (authctxt.agent != NULL)
ssh_close_authentication_connection(authctxt.agent);
- debug("ssh-userauth2 successful: method %s", authctxt.method->name);
+ debug("Authentication succeeded (%s).", authctxt.method->name);
}
void
userauth(Authctxt *authctxt, char *authlist)
packet_check_eom();
if (partial != 0)
- log("Authenticated with partial success.");
- debug("authentications that can continue: %s", authlist);
+ logit("Authenticated with partial success.");
+ debug("Authentications that can continue: %s", authlist);
clear_auth_state(authctxt);
userauth(authctxt, authlist);
}
packet_check_eom();
- debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
+ debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d",
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
do {
clear_auth_state(authctxt);
dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
- /* try another method if we did not send a packet*/
+ /* try another method if we did not send a packet */
if (sent == 0)
userauth(authctxt, NULL);
info = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(info) > 0)
- log("%s", info);
+ logit("%s", info);
xfree(info);
xfree(lang);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
xfree(password);
- log("Mismatch; try again, EOF to quit.");
+ logit("Mismatch; try again, EOF to quit.");
password = NULL;
}
memset(retype, 0, strlen(retype));
if (k == NULL) {
debug2("userauth_pubkey_agent: no more keys");
} else {
- debug("userauth_pubkey_agent: testing agent key %s", comment);
+ debug("Offering agent key: %s", comment);
xfree(comment);
ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
if (ret == 0)
key = options.identity_keys[idx];
filename = options.identity_files[idx];
if (key == NULL) {
- debug("try privkey: %s", filename);
+ debug("Trying private key: %s", filename);
key = load_identity_file(filename);
if (key != NULL) {
sent = sign_and_send_pubkey(authctxt, key,
key_free(key);
}
} else if (key->type != KEY_RSA1) {
- debug("try pubkey: %s", filename);
+ debug("Offering public key: %s", filename);
sent = send_pubkey_test(authctxt, key,
identity_sign_cb, idx);
}
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(name) > 0)
- log("%s", name);
+ logit("%s", name);
if (strlen(inst) > 0)
- log("%s", inst);
+ logit("%s", inst);
xfree(name);
xfree(inst);
xfree(lang);
pid_t pid;
int to[2], from[2], status, version = 2;
- debug("ssh_keysign called");
+ debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
error("ssh_keysign: no installed: %s", strerror(errno));
buffer_init(&b);
buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
buffer_put_string(&b, data, datalen);
- msg_send(to[1], version, &b);
+ ssh_msg_send(to[1], version, &b);
- if (msg_recv(from[0], &b) < 0) {
+ if (ssh_msg_recv(from[0], &b) < 0) {
error("ssh_keysign: no reply");
buffer_clear(&b);
return -1;
}
}
if (!found) {
- debug("userauth_hostbased: no more client hostkeys");
+ debug("No more client hostkeys for hostbased authentication.");
return 0;
}
if (key_to_blob(private, &blob, &blen) == 0) {
strlcpy(chost, p, len);
strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost);
+ xfree(p);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
static Authmethod *
authmethod_get(char *authlist)
{
-
char *name = NULL;
u_int next;
for (;;) {
if ((name = match_list(preferred, supported, &next)) == NULL) {
- debug("no more auth methods to try");
+ debug("No more authentication methods to try.");
current = NULL;
return NULL;
}
if ((current = authmethod_lookup(name)) != NULL &&
authmethod_is_enabled(current)) {
debug3("authmethod_is_enabled %s", name);
- debug("next auth method to try is %s", name);
+ debug("Next authentication method: %s", name);
return current;
}
}