+20000415
+ - OpenBSD CVS updates.
+ [ssh.1 ssh.c]
+ - ssh -2
+ [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+ [session.c sshconnect.c]
+ - check payload for (illegal) extra data
+ [ALL]
+ whitespace cleanup
+
20000413
- INSTALL doc updates
- Merged OpenBSD updates to include paths.
-
+
20000412
- OpenBSD CVS updates:
- [channels.c]
* return 1 on success, 0 on failure, -1 if krb4 is not available
*/
-int
+int
auth_krb4_password(struct passwd * pw, const char *password)
{
AUTH_DAT adata;
}
}
-int
+int
krb4_init(uid_t uid)
{
static int cleanup_registered = 0;
return 0;
}
-int
+int
auth_krb4(const char *server_user, KTEXT auth, char **client)
{
AUTH_DAT adat = {0};
#endif /* KRB4 */
#ifdef AFS
-int
+int
auth_kerberos_tgt(struct passwd *pw, const char *string)
{
CREDENTIALS creds;
return 0;
}
-int
+int
auth_afs_token(struct passwd *pw, const char *token_string)
{
CREDENTIALS creds;
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
-int
+int
auth_password(struct passwd * pw, const char *password)
{
extern ServerOptions options;
/*
- *
+ *
* auth-rh-rsa.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun May 7 03:08:06 1995 ylo
- *
+ *
* Rhosts or /etc/hosts.equiv authentication combined with RSA host
* authentication.
*
* its host key. Returns true if authentication succeeds.
*/
-int
+int
auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
{
extern ServerOptions options;
/*
- *
+ *
* auth-rhosts.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 05:12:18 1995 ylo
- *
+ *
* Rhosts authentication. This file contains code to check whether to admit
* the login based on rhosts authentication. This file also processes
* /etc/hosts.equiv.
- *
+ *
*/
#include "includes.h"
* based on the file, and returns zero otherwise.
*/
-int
+int
check_rhosts_file(const char *filename, const char *hostname,
const char *ipaddr, const char *client_user,
const char *server_user)
* /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
*/
-int
+int
auth_rhosts(struct passwd *pw, const char *client_user)
{
extern ServerOptions options;
/*
- *
+ *
* auth-rsa.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 27 01:46:52 1995 ylo
- *
+ *
* RSA-based authentication. This code determines whether to admit a login
* based on RSA authentication. This file also contains functions to check
* validity of the host key.
- *
+ *
*/
#include "includes.h"
debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum);
packet_send_debug("%.100s, line %lu: bad key syntax",
- SSH_USER_PERMITTED_KEYS, linenum);
+ SSH_USER_PERMITTED_KEYS, linenum);
continue;
}
/* cp now points to the comment part. */
/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
-/*
+/*
* try skey authentication,
- * return 1 on success, 0 on failure, -1 if skey is not available
+ * return 1 on success, 0 on failure, -1 if skey is not available
*/
-int
+int
auth_skey_password(struct passwd * pw, const char *password)
{
if (strncasecmp(password, "s/key", 5) == 0) {
*/
static u_int32_t
hash_collapse(s)
- u_char *s;
+ u_char *s;
{
- int len, target;
+ int len, target;
u_int32_t i;
if ((strlen(s) % sizeof(u_int32_t)) == 0)
- target = strlen(s); /* Multiple of 4 */
+ target = strlen(s); /* Multiple of 4 */
else
target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
-
+
for (i = 0, len = 0; len < target; len += 4)
- i ^= ROUND(s + len);
+ i ^= ROUND(s + len);
return i;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.4 2000/04/14 10:30:29 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
* DenyUsers or user's primary group is listed in DenyGroups, false will
* be returned. If AllowUsers isn't empty and user isn't listed there, or
* if AllowGroups isn't empty and user isn't listed there, false will be
- * returned.
+ * returned.
* If the user's shell is not executable, false will be returned.
- * Otherwise true is returned.
+ * Otherwise true is returned.
*/
static int
allowed_user(struct passwd * pw)
packet_write_wait();
continue;
} else if (type == SSH_CMSG_AUTH_PASSWORD &&
- options.password_authentication &&
- (password = packet_get_string(&dlen)) != NULL &&
- dlen == 5 &&
- strncasecmp(password, "s/key", 5) == 0 ) {
+ options.password_authentication &&
+ (password = packet_get_string(&dlen)) != NULL &&
+ dlen == 5 &&
+ strncasecmp(password, "s/key", 5) == 0 ) {
packet_send_debug(skeyinfo);
}
if (password != NULL)
break;
}
- /*
- * Check if the user is logging in as root and root logins
- * are disallowed.
- * Note that root login is allowed for forced commands.
- */
- if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
- if (forced_command) {
- log("Root login accepted for forced command.");
- } else {
- authenticated = 0;
- log("ROOT LOGIN REFUSED FROM %.200s",
- get_canonical_hostname());
- }
- }
+ /*
+ * Check if the user is logging in as root and root logins
+ * are disallowed.
+ * Note that root login is allowed for forced commands.
+ */
+ if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
+ if (forced_command) {
+ log("Root login accepted for forced command.");
+ } else {
+ authenticated = 0;
+ log("ROOT LOGIN REFUSED FROM %.200s",
+ get_canonical_hostname());
+ }
+ }
/* Raise logging level */
if (authenticated ||
unsigned int len;
int accept = 0;
char *service = packet_get_string(&len);
+ packet_done();
if (strcmp(service, "ssh-userauth") == 0) {
if (!userauth_success) {
pw = auth_set_user(user, service);
if (pw && strcmp(service, "ssh-connection")==0) {
if (strcmp(method, "none") == 0 && try == 1) {
+ packet_done();
#ifdef USE_PAM
/* Do PAM auth with password */
authenticated = auth_pam_password(pw, "");
if (c)
debug("password change not supported");
password = packet_get_string(&len);
+ packet_done();
#ifdef USE_PAM
/* Do PAM auth with password */
authenticated = auth_pam_password(pw, password);
xfree(password);
} else if (strcmp(method, "publickey") == 0) {
/* XXX TODO */
- char *pkalg;
- char *pkblob;
- c = packet_get_char();
+ char *pkalg, *pkblob, *sig;
+ int have_sig = packet_get_char();
pkalg = packet_get_string(&len);
pkblob = packet_get_string(&len);
+ if (have_sig) {
+ sig = packet_get_string(&len);
+ /* test for correct signature */
+ packet_done();
+ xfree(sig);
+ } else {
+ packet_done();
+ /* test whether pkalg/pkblob are acceptable */
+ }
xfree(pkalg);
xfree(pkblob);
}
if (authenticated) {
/* turn off userauth */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
- /* success! */
packet_start(SSH2_MSG_USERAUTH_SUCCESS);
packet_send();
packet_write_wait();
xfree(user);
xfree(method);
}
-void
+void
do_authentication2()
{
dispatch_init(&protocol_error);
/*
- *
+ *
* authfd.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 01:30:28 1995 ylo
- *
+ *
* Functions for connecting the local authentication agent.
- *
+ *
*/
#include "includes.h"
* ssh_get_authentication_socket().
*/
-void
+void
ssh_close_authentication_socket(int sock)
{
if (getenv(SSH_AUTHSOCKET_ENV_NAME))
* memory.
*/
-void
+void
ssh_close_authentication_connection(AuthenticationConnection *ac)
{
buffer_free(&ac->packet);
* be used by normal applications.
*/
-int
+int
ssh_add_identity(AuthenticationConnection *auth,
RSA * key, const char *comment)
{
* meant to be used by normal applications.
*/
-int
+int
ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
{
Buffer buffer;
* by normal applications.
*/
-int
+int
ssh_remove_all_identities(AuthenticationConnection *auth)
{
Buffer buffer;
/*
- *
+ *
* authfd.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 01:17:41 1995 ylo
- *
+ *
* Functions to interface with the SSH_AUTHENTICATION_FD socket.
- *
+ *
*/
/* RCSID("$Id$"); */
* integers before the call, and free the comment after a successful call
* (before calling ssh_get_next_identity).
*/
-int
+int
ssh_get_first_identity(AuthenticationConnection * connection,
BIGNUM * e, BIGNUM * n, char **comment);
* function. This returns 0 if there are no more identities. The caller
* must free comment after a successful return.
*/
-int
+int
ssh_get_next_identity(AuthenticationConnection * connection,
BIGNUM * e, BIGNUM * n, char **comment);
/* Requests the agent to decrypt the given challenge. Returns true if
the agent claims it was able to decrypt it. */
-int
+int
ssh_decrypt_challenge(AuthenticationConnection * auth,
BIGNUM * e, BIGNUM * n, BIGNUM * challenge,
unsigned char session_id[16],
* be used by normal applications. This returns true if the identity was
* successfully added.
*/
-int
+int
ssh_add_identity(AuthenticationConnection * connection, RSA * key,
const char *comment);
/*
- *
+ *
* authfile.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 27 03:52:05 1995 ylo
- *
+ *
* This file contains functions for reading and writing identity files, and
* for reading the passphrase from the user.
- *
+ *
*/
#include "includes.h"
/*
- *
+ *
* bufaux.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 02:24:47 1995 ylo
- *
+ *
* Auxiliary functions for storing and retrieving various data types to/from
* Buffers.
*
/*
- *
+ *
* bufaux.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 02:18:23 1995 ylo
- *
+ *
*/
/* RCSID("$Id$"); */
/*
- *
+ *
* buffer.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Mar 18 04:15:33 1995 ylo
- *
+ *
* Functions for manipulating fifo buffers (that can grow if needed).
- *
+ *
*/
#include "includes.h"
/* Initializes the buffer structure. */
-void
+void
buffer_init(Buffer *buffer)
{
buffer->alloc = 4096;
/* Frees any memory used for the buffer. */
-void
+void
buffer_free(Buffer *buffer)
{
memset(buffer->buf, 0, buffer->alloc);
* zero the memory.
*/
-void
+void
buffer_clear(Buffer *buffer)
{
buffer->offset = 0;
/* Appends data to the buffer, expanding it if necessary. */
-void
+void
buffer_append(Buffer *buffer, const char *data, unsigned int len)
{
char *cp;
* to the allocated region.
*/
-void
+void
buffer_append_space(Buffer *buffer, char **datap, unsigned int len)
{
/* If the buffer is empty, start using it from the beginning. */
/* Returns the number of bytes of data in the buffer. */
-unsigned int
+unsigned int
buffer_len(Buffer *buffer)
{
return buffer->end - buffer->offset;
/* Gets data from the beginning of the buffer. */
-void
+void
buffer_get(Buffer *buffer, char *buf, unsigned int len)
{
if (len > buffer->end - buffer->offset)
/* Consumes the given number of bytes from the beginning of the buffer. */
-void
+void
buffer_consume(Buffer *buffer, unsigned int bytes)
{
if (bytes > buffer->end - buffer->offset)
/* Consumes the given number of bytes from the end of the buffer. */
-void
+void
buffer_consume_end(Buffer *buffer, unsigned int bytes)
{
if (bytes > buffer->end - buffer->offset)
/* Dumps the contents of the buffer to stderr. */
-void
+void
buffer_dump(Buffer *buffer)
{
int i;
/*
- *
+ *
* canohost.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun Jul 2 17:52:22 1995 ylo
- *
+ *
* Functions for returning the canonical host name of the remote site.
- *
+ *
*/
#include "includes.h"
/* Returns remote/local port number for the current connection. */
-int
+int
get_port(int local)
{
/*
return get_sock_port(packet_get_connection_in(), local);
}
-int
+int
get_peer_port(int sock)
{
return get_sock_port(sock, 0);
}
-int
+int
get_remote_port()
{
return get_port(0);
/*
- *
+ *
* channels.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 24 16:35:24 1995 ylo
- *
+ *
* This file contains functions for generic socket connection forwarding.
* There is also code for initiating connection forwarding for X11 connections,
* arbitrary tcp/ip connections, and the authentication agent connection.
- *
+ *
* SSH2 support added by Markus Friedl.
*/
/* Sets specific protocol options. */
-void
+void
channel_set_options(int hostname_in_open)
{
have_hostname_in_open = hostname_in_open;
* and the server has no way to know but to trust the client anyway.
*/
-void
+void
channel_permit_all_opens()
{
all_opens_permitted = 1;
* remote_name to be freed.
*/
-int
+int
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
int window, int maxpack, int extended_usage, char *remote_name)
{
debug("channel %d: new [%s]", found, remote_name);
return found;
}
-int
+int
channel_allocate(int type, int sock, char *remote_name)
{
return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name);
/* Free the channel and close its socket. */
-void
+void
channel_free(int id)
{
Channel *c = channel_lookup(id);
{
if (buffer_len(&c->output) == 0)
channel_free(c->self);
- else
+ else
FD_SET(c->sock, writeset);
}
packet_put_int(newch);
packet_put_int(c->local_window_max);
packet_put_int(c->local_maxpacket);
+ /* target host and port */
packet_put_string(c->path, strlen(c->path));
packet_put_int(c->host_port);
+ /* originator host and port */
packet_put_cstring(remote_hostname);
packet_put_int(remote_port);
packet_send();
channel_handler_init_15();
}
-void
+void
channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
{
static int did_init = 0;
}
}
-void
+void
channel_prepare_select(fd_set * readset, fd_set * writeset)
{
channel_handler(channel_pre, readset, writeset);
}
-void
+void
channel_after_select(fd_set * readset, fd_set * writeset)
{
channel_handler(channel_post, readset, writeset);
/* If there is data to send to the connection, send some of it now. */
-void
+void
channel_output_poll()
{
int len, i;
* still there.
*/
-void
+void
channel_input_data(int type, int plen)
{
int id;
/* Get the data. */
data = packet_get_string(&data_len);
+ packet_done();
if (compat20){
if (data_len > c->local_maxpacket) {
buffer_append(&c->output, data, data_len);
xfree(data);
}
-void
+void
channel_input_extended_data(int type, int plen)
{
int id;
return;
}
data = packet_get_string(&data_len);
+ packet_done();
if (data_len > c->local_window) {
log("channel %d: rcvd too much extended_data %d, win %d",
c->self, data_len, c->local_window);
* more channel is overfull.
*/
-int
+int
channel_not_very_much_buffered_data()
{
unsigned int i;
return 1;
}
-void
+void
channel_input_ieof(int type, int plen)
{
int id;
chan_rcvd_ieof(c);
}
-void
+void
channel_input_close(int type, int plen)
{
int id;
}
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */
-void
+void
channel_input_oclose(int type, int plen)
{
int id = packet_get_int();
chan_rcvd_oclose(c);
}
-void
+void
channel_input_close_confirmation(int type, int plen)
{
int id = packet_get_int();
Channel *c = channel_lookup(id);
+ packet_done();
if (c == NULL)
packet_disconnect("Received close confirmation for "
"out-of-range channel %d.", id);
channel_free(c->self);
}
-void
+void
channel_input_open_confirmation(int type, int plen)
{
int id, remote_id;
if (compat20) {
c->remote_window = packet_get_int();
c->remote_maxpacket = packet_get_int();
+ packet_done();
if (c->cb_fn != NULL && c->cb_event == type) {
debug("callback start");
c->cb_fn(c->self, c->cb_arg);
}
}
-void
+void
channel_input_open_failure(int type, int plen)
{
int id;
if (compat20) {
int reason = packet_get_int();
char *msg = packet_get_string(NULL);
+ char *lang = packet_get_string(NULL);
log("channel_open_failure: %d: reason %d: %s", id, reason, msg);
+ packet_done();
xfree(msg);
+ xfree(lang);
}
/* Free the channel. This will also close the socket. */
channel_free(id);
}
}
-void
+void
channel_input_window_adjust(int type, int plen)
{
Channel *c;
return;
}
adjust = packet_get_int();
+ packet_done();
debug("channel %d: rcvd adjust %d", id, adjust);
c->remote_window += adjust;
}
* might have.
*/
-void
+void
channel_stop_listening()
{
int i;
* descriptors after a fork.
*/
-void
+void
channel_close_all()
{
int i;
/* Returns the maximum file descriptor number used by the channels. */
-int
+int
channel_max_fd()
{
return channel_max_fd_value;
/* Returns true if any channel is still open. */
-int
+int
channel_still_open()
{
unsigned int i;
* channel to host:port from remote side.
*/
-void
+void
channel_request_local_forwarding(u_short port, const char *host,
u_short host_port, int gateway_ports)
{
* the secure channel to host:port from local side.
*/
-void
+void
channel_request_remote_forwarding(u_short listen_port, const char *host_to_connect,
u_short port_to_connect)
{
* message if there was an error). This never returns if there was an error.
*/
-void
+void
channel_input_port_forward_request(int is_root)
{
u_short port, host_port;
* or CHANNEL_OPEN_FAILURE.
*/
-void
+void
channel_input_port_open(int type, int plen)
{
u_short host_port;
* with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.
*/
-void
+void
x11_input_open(int type, int plen)
{
int remote_channel, display_number, sock = 0, newch;
}
freeaddrinfo(aitop);
if (!ai) {
- error("connect %.100s port %d: %.100s", buf, 6000 + display_number,
+ error("connect %.100s port %d: %.100s", buf, 6000 + display_number,
strerror(errno));
goto fail;
}
* data, and enables authentication spoofing.
*/
-void
+void
x11_request_forwarding_with_spoofing(const char *proto, const char *data)
{
unsigned int data_len = (unsigned int) strlen(data) / 2;
/* Sends a message to the server to request authentication fd forwarding. */
-void
+void
auth_request_forwarding()
{
packet_start(SSH_CMSG_AGENT_REQUEST_FORWARDING);
/* removes the agent forwarding socket */
-void
+void
cleanup_socket(void)
{
remove(channel_forwarded_auth_socket_name);
* This starts forwarding authentication requests.
*/
-void
+void
auth_input_request_forwarding(struct passwd * pw)
{
int sock, newch;
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
-void
+void
auth_input_open_request(int type, int plen)
{
int remch, sock, newch;
* channel to host:port from remote side. This never returns if there was an
* error.
*/
-void
+void
channel_request_local_forwarding(u_short port, const char *host,
u_short remote_port, int gateway_ports);
* there was an error. This registers that open requests for that port are
* permitted.
*/
-void
+void
channel_request_remote_forwarding(u_short port, const char *host,
u_short remote_port);
/*
- *
+ *
* cipher.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Apr 19 17:41:39 1995 ylo
- *
+ *
*/
#include "includes.h"
* supported cipher.
*/
-unsigned int
+unsigned int
cipher_mask1()
{
unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_BLOWFISH;
return mask;
}
-unsigned int
+unsigned int
cipher_mask2()
{
unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_CAST128_CBC;
return mask;
}
-unsigned int
+unsigned int
cipher_mask()
{
return cipher_mask1() | cipher_mask2();
* passphrase and using the resulting 16 bytes as the key.
*/
-void
+void
cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase)
{
MD5_CTX md;
/* Selects the cipher to use and sets the key. */
-void
+void
cipher_set_key(CipherContext *context, int cipher, const unsigned char *key,
int keylen)
{
memset(padded, 0, sizeof(padded));
}
-void
+void
cipher_set_key_iv(CipherContext * context, int cipher,
- const unsigned char *key, int keylen,
+ const unsigned char *key, int keylen,
const unsigned char *iv, int ivlen)
{
/* Set cipher type. */
/* Encrypts data using the cipher. */
-void
+void
cipher_encrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
case SSH_CIPHER_BLOWFISH:
swap_bytes(src, dest, len);
BF_cbc_encrypt(dest, dest, len,
- &context->u.bf.key, context->u.bf.iv,
+ &context->u.bf.key, context->u.bf.iv,
BF_ENCRYPT);
swap_bytes(dest, dest, len);
break;
case SSH_CIPHER_BLOWFISH_CBC:
BF_cbc_encrypt((void *)src, dest, len,
- &context->u.bf.key, context->u.bf.iv,
+ &context->u.bf.key, context->u.bf.iv,
BF_ENCRYPT);
break;
/* Decrypts data using the cipher. */
-void
+void
cipher_decrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
/*
- *
+ *
* cipher.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Apr 19 16:50:42 1995 ylo
- *
+ *
*/
/* RCSID("$Id$"); */
* Selects the cipher to use and sets the key. If for_encryption is true,
* the key is setup for encryption; otherwise it is setup for decryption.
*/
-void
+void
cipher_set_key(CipherContext * context, int cipher,
const unsigned char *key, int keylen);
-void
+void
cipher_set_key_iv(CipherContext * context, int cipher,
- const unsigned char *key, int keylen,
+ const unsigned char *key, int keylen,
const unsigned char *iv, int ivlen);
/*
* Sets key for the cipher by computing the MD5 checksum of the passphrase,
* and using the resulting 16 bytes as the key.
*/
-void
+void
cipher_set_key_string(CipherContext * context, int cipher,
const char *passphrase);
/* Encrypts data using the cipher. */
-void
+void
cipher_encrypt(CipherContext * context, unsigned char *dest,
const unsigned char *src, unsigned int len);
/* Decrypts data using the cipher. */
-void
+void
cipher_decrypt(CipherContext * context, unsigned char *dest,
const unsigned char *src, unsigned int len);
/*
- *
+ *
* clientloop.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
- *
+ *
+ *
* Created: Sat Sep 23 12:23:57 1995 ylo
- *
+ *
* The main loop for the interactive session (client side).
- *
+ *
* SSH2 support added by Markus Friedl.
*/
/* Returns the user\'s terminal to normal mode if it had been put in raw mode. */
-void
+void
leave_raw_mode()
{
if (!in_raw_mode)
/* Puts the user\'s terminal in raw mode. */
-void
+void
enter_raw_mode()
{
struct termios tio;
/* Restores stdin to blocking mode. */
-void
+void
leave_non_blocking()
{
if (in_non_blocking_mode) {
/* Puts stdin terminal in non-blocking mode. */
-void
+void
enter_non_blocking()
{
in_non_blocking_mode = 1;
* flag indicating that the window has changed.
*/
-void
+void
window_change_handler(int sig)
{
received_window_change_signal = 1;
* signals must be trapped to restore terminal modes.
*/
-void
+void
signal_handler(int sig)
{
if (in_raw_mode)
* available resolution.
*/
-double
+double
get_current_time()
{
struct timeval tv;
* not appear to wake up when redirecting from /dev/null.
*/
-void
+void
client_check_initial_eof_on_stdin()
{
int len;
* connection.
*/
-void
+void
client_make_packets_from_stdin_data()
{
unsigned int len;
* appropriate.
*/
-void
+void
client_check_window_change()
{
struct winsize ws;
* one of the file descriptors).
*/
-void
+void
client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
{
/*debug("client_wait_until_can_do_something"); */
}
}
-void
+void
client_suspend_self()
{
struct winsize oldws, newws;
enter_raw_mode();
}
-void
+void
client_process_net_input(fd_set * readset)
{
int len;
}
}
-void
+void
client_process_input(fd_set * readset)
{
int len, pid;
}
}
-void
+void
client_process_output(fd_set * writeset)
{
int len;
* preparatory phase.
*/
-void
+void
client_process_buffered_input_packets()
{
dispatch_run(DISPATCH_NONBLOCK, &quit_pending);
* character for terminating or suspending the session.
*/
-int
+int
client_loop(int have_pty, int escape_char_arg)
{
extern Options options;
quit_pending = 1;
}
-void
+void
client_init_dispatch_20()
{
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
}
-void
+void
client_init_dispatch_13()
{
dispatch_init(NULL);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
}
-void
+void
client_init_dispatch_15()
{
client_init_dispatch_13();
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose);
}
-void
+void
client_init_dispatch()
{
if (compat20)
} else if (strcmp(rtype, "exit-status") == 0) {
success = 1;
exit_status = packet_get_int();
+ packet_done();
}
if (reply) {
packet_start(success ?
int compat20 = 0;
int datafellows = 0;
-void
+void
enable_compat20(void)
{
verbose("Enabling compatibility mode for protocol 2.0");
compat20 = 1;
packet_set_ssh2_format();
}
-void
+void
enable_compat13(void)
{
verbose("Enabling compatibility mode for protocol 1.3");
/*
- *
+ *
* compress.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Oct 25 22:12:46 1995 ylo
- *
+ *
* Interface to packet compression for ssh.
- *
+ *
*/
#include "includes.h"
* (as in gzip).
*/
-void
+void
buffer_compress_init(int level)
{
debug("Enabling compression at level %d.", level);
/* Frees any data structures allocated for compression. */
-void
+void
buffer_compress_uninit()
{
debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f",
* receiver. This appends the compressed data to the output buffer.
*/
-void
+void
buffer_compress(Buffer * input_buffer, Buffer * output_buffer)
{
char buf[4096];
* with that. This appends the uncompressed data to the output buffer.
*/
-void
+void
buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer)
{
char buf[4096];
/*
- *
+ *
* compress.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Oct 25 22:12:46 1995 ylo
- *
+ *
* Interface to packet compression for ssh.
- *
+ *
*/
/* RCSID("$Id$"); */
/*
- *
+ *
* crc32.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1992 Tatu Ylonen, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Tue Feb 11 14:37:27 1992 ylo
- *
+ *
* Functions for computing 32-bit CRC.
- *
+ *
*/
/* RCSID("$Id$"); */
--- /dev/null
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Markus Friedl.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$Id$");
+#include "ssh.h"
+#include "dispatch.h"
+#include "packet.h"
+
+#define DISPATCH_MIN 0
+#define DISPATCH_MAX 255
+
+dispatch_fn *dispatch[DISPATCH_MAX];
+
+void
+dispatch_protocol_error(int type, int plen)
+{
+ error("Hm, dispatch protocol error: type %d plen %d", type, plen);
+}
+void
+dispatch_init(dispatch_fn *dflt)
+{
+ int i;
+ for (i = 0; i < DISPATCH_MAX; i++)
+ dispatch[i] = dflt;
+}
+void
+dispatch_set(int type, dispatch_fn *fn)
+{
+ dispatch[type] = fn;
+}
+void
+dispatch_run(int mode, int *done)
+{
+ for (;;) {
+ int plen;
+ int type;
+
+ if (mode == DISPATCH_BLOCK) {
+ type = packet_read(&plen);
+ } else {
+ type = packet_read_poll(&plen);
+ if (type == SSH_MSG_NONE)
+ return;
+ }
+ if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
+ (*dispatch[type])(type, plen);
+ else
+ packet_disconnect("protocol error: rcvd type %d", type);
+ if (done != NULL && *done)
+ return;
+ }
+}
in = BIO_new(BIO_s_file());
if (in == NULL)
fatal("BIO_new failed");
- if (BIO_read_filename(in, filename) <= 0)
+ if (BIO_read_filename(in, filename) <= 0)
fatal("BIO_read failed %s: %s", filename, strerror(errno));
fprintf(stderr, "read DSA private key\n");
dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
- rlen = BN_num_bytes(sig->r);
- slen = BN_num_bytes(sig->s);
- if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
+ rlen = BN_num_bytes(sig->r);
+ slen = BN_num_bytes(sig->s);
+ if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
error("bad sig size %d %d", rlen, slen);
DSA_SIG_free(sig);
return -1;
/*
- *
+ *
* getput.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Jun 28 22:36:30 1995 ylo
- *
+ *
* Macros for storing and retrieving data in msb first and lsb first order.
- *
+ *
*/
/* RCSID("$Id$"); */
/*------------ macros for storing/extracting msb first words -------------*/
#define GET_32BIT(cp) (((unsigned long)(unsigned char)(cp)[0] << 24) | \
- ((unsigned long)(unsigned char)(cp)[1] << 16) | \
+ ((unsigned long)(unsigned char)(cp)[1] << 16) | \
((unsigned long)(unsigned char)(cp)[2] << 8) | \
((unsigned long)(unsigned char)(cp)[3]))
/*
- *
+ *
* hostfile.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Thu Jun 29 07:10:56 1995 ylo
- *
+ *
* Functions for manipulating the known hosts files.
- *
+ *
*/
#include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.15 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.16 2000/04/14 10:30:31 markus Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
typedef enum {
HOST_OK, HOST_NEW, HOST_CHANGED
} HostStatus;
-HostStatus
+HostStatus
check_host_in_hostfile(const char *filename, const char *host, Key *key, Key *found);
/*
/*
- *
+ *
* includes.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Thu Mar 23 16:29:37 1995 ylo
- *
+ *
* This file includes most of the needed system headers.
- *
+ *
*/
#ifndef INCLUDES_H
dump_digest(unsigned char *digest, int len)
{
int i;
- for (i = 0; i< len; i++){
- fprintf(stderr, "%02x", digest[i]);
+ for (i = 0; i< len; i++){
+ fprintf(stderr, "%02x", digest[i]);
if(i%2!=0)
fprintf(stderr, " ");
}
- fprintf(stderr, "\n");
+ fprintf(stderr, "\n");
}
unsigned char *
buffer_free(&b);
#ifdef DEBUG_KEX
- dump_digest(digest, evp_md->md_size);
+ dump_digest(digest, evp_md->md_size);
#endif
return digest;
}
k->name = get_match(client, server);
if (k->name == NULL)
fatal("no kex alg");
- if (strcmp(k->name, KEX_DH1) != 0)
+ if (strcmp(k->name, KEX_DH1) != 0)
fatal("bad kex alg %s", k->name);
}
void
/*
- *
+ *
* log-client.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 20 21:13:40 1995 ylo
- *
+ *
* Client-side versions of debug(), log(), etc. These print to stderr.
* This is a stripped down version of log-server.c.
- *
+ *
*/
#include "includes.h"
/*
- *
+ *
* log-server.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 20 21:19:30 1995 ylo
- *
+ *
* Server-side versions of debug(), log(), etc. These normally send the output
* to the system log.
- *
+ *
*/
#include "includes.h"
* level logging level
*/
-void
+void
log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
{
switch (level) {
/*
- *
+ *
* login.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 24 14:51:08 1995 ylo
- *
+ *
* This file performs some of the things login(1) normally does. We cannot
* easily use something like login -p -h host -f user, because there are
* several different logins around, and it is hard to determined what kind of
* login the current system has. Also, we want to be able to execute commands
* on a tty.
- *
+ *
*/
#include "includes.h"
* is found). The name of the host used last time is returned in buf.
*/
-unsigned long
+unsigned long
get_last_login_time(uid_t uid, const char *logname,
char *buf, unsigned int bufsize)
{
* were more standardized.
*/
-void
+void
record_login(int pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr * addr)
{
/* Records that the user has logged out. */
-void
+void
record_logout(int pid, const char *ttyname)
{
#ifdef HAVE_LIBUTIL_LOGIN
/*
- *
+ *
* match.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Thu Jun 22 01:17:50 1995 ylo
- *
+ *
* Simple pattern matching, with '*' and '?' as wildcards.
- *
+ *
*/
#include "includes.h"
* and * as wildcards), and zero if it does not match.
*/
-int
+int
match_pattern(const char *s, const char *pattern)
{
for (;;) {
/*
- *
+ *
* mpaux.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun Jul 16 04:29:30 1995 ylo
- *
+ *
* This file contains various auxiliary functions related to multiple
* precision integers.
- *
+ *
*/
#include "includes.h"
/*
- *
+ *
* mpaux.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun Jul 16 04:29:30 1995 ylo
- *
+ *
* This file contains various auxiliary functions related to multiple
* precision integers.
*/
* session id is computed by concatenating the linearized, msb first
* representations of host_key_n, session_key_n, and the cookie.
*/
-void
+void
compute_session_id(unsigned char session_id[16],
unsigned char cookie[8],
BIGNUM * host_key_n,
if (!(c->flags & CHAN_CLOSE_SENT)) {
chan_send_close2(c);
}
- if ((c->flags & CHAN_CLOSE_SENT) &&
+ if ((c->flags & CHAN_CLOSE_SENT) &&
(c->flags & CHAN_CLOSE_RCVD)) {
debug("channel %d: full closed2", c->self);
channel_free(c->self);
- }
+ }
}
}
/*
- *
+ *
* packet.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Mar 18 02:40:40 1995 ylo
- *
+ *
* This file contains code implementing the packet protocol and communication
* with the other side. This same code is used both on client and server side.
*
unsigned int packet_length = 0;
unsigned int i, padlen, len;
u_int32_t rand = 0;
- static unsigned int seqnr = 0;
+ static unsigned int seqnr = 0;
int type;
Enc *enc = NULL;
Mac *mac = NULL;
fprintf(stderr, "encrypted: ");
buffer_dump(&output);
#endif
- /* increment sequence number for outgoing packets */
- if (++seqnr == 0)
- log("outgoing seqnr wraps around");
+ /* increment sequence number for outgoing packets */
+ if (++seqnr == 0)
+ log("outgoing seqnr wraps around");
buffer_clear(&outgoing_packet);
if (type == SSH2_MSG_NEWKEYS) {
* compute MAC over seqnr and packet,
* increment sequence number for incoming packet
*/
- if (mac && mac->enabled) {
+ if (mac && mac->enabled) {
macbuf = hmac( mac->md, seqnr,
(unsigned char *) buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet),
DBG(debug("HMAC #%d ok", seqnr));
buffer_consume(&input, mac->mac_len);
}
- if (++seqnr == 0)
- log("incoming seqnr wraps around");
+ if (++seqnr == 0)
+ log("incoming seqnr wraps around");
/* get padlen */
cp = buffer_ptr(&incoming_packet) + 4;
return buffer_ptr(&incoming_packet);
}
+int
+packet_remaining(void)
+{
+ return buffer_len(&incoming_packet);
+}
+
/*
* Returns a string from the packet data. The string is allocated using
* xmalloc; it is the responsibility of the calling program to free it when
/*
- *
+ *
* packet.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Mar 18 02:02:14 1995 ylo
- *
+ *
* Interface for the packet protocol functions.
- *
+ *
*/
/* RCSID("$Id$"); */
* key is used for both sending and reception. However, both directions are
* encrypted independently of each other. Cipher types are defined in ssh.h.
*/
-void
+void
packet_set_encryption_key(const unsigned char *key, unsigned int keylen,
int cipher_type);
} \
} while (0)
+#define packet_done() \
+do { \
+ int _len = packet_remaining(); \
+ if (_len > 0) { \
+ log("Packet integrity error (%d bytes remaining) at %s:%d", \
+ _len ,__FILE__, __LINE__); \
+ packet_disconnect("Packet integrity error."); \
+ } \
+} while (0)
+
/* remote host is connected via a socket/ipv4 */
int packet_connection_is_on_socket(void);
int packet_connection_is_ipv4(void);
/* enable SSH2 packet format */
void packet_set_ssh2_format(void);
+/* returns remaining payload bytes */
+int packet_remaining(void);
+
#endif /* PACKET_H */
/*
- *
+ *
* pty.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 04:37:25 1995 ylo
- *
+ *
* Allocating a pseudo-terminal, and making it the controlling tty.
- *
+ *
*/
#include "includes.h"
* returned (the buffer must be able to hold at least 64 characters).
*/
-int
+int
pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
{
#if defined(HAVE_OPENPTY) || defined(BSD4_4)
/* Releases the tty. Its ownership is returned to root, and permissions to 0666. */
-void
+void
pty_release(const char *ttyname)
{
if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0)
/* Makes the tty the processes controlling tty and sets it to sane modes. */
-void
+void
pty_make_controlling_tty(int *ttyfd, const char *ttyname)
{
int fd;
/* Changes the window size associated with the pty. */
-void
+void
pty_change_window_size(int ptyfd, int row, int col,
int xpixel, int ypixel)
{
/*
- *
+ *
* pty.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 05:03:28 1995 ylo
- *
+ *
* Functions for allocating a pseudo-terminal and making it the controlling
* tty.
*/
void pty_make_controlling_tty(int *ttyfd, const char *ttyname);
/* Changes the window size associated with the pty. */
-void
+void
pty_change_window_size(int ptyfd, int row, int col,
int xpixel, int ypixel);
/*
* radix.c
- *
+ *
* base-64 encoding pinched from lynx2-7-2, who pinched it from rpem.
* Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991
* and placed in the public domain.
- *
+ *
* Dug Song <dugsong@UMICH.EDU>
*/
unsigned char pr2six[256];
-int
+int
uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded)
{
/* ENC is the basic 1 character encoding function to make a char printing */
return (outptr - bufcoded);
}
-int
+int
uudecode(const char *bufcoded, unsigned char *bufplain, int outbufsize)
{
/* single character decode */
}
-int
+int
creds_to_radix(CREDENTIALS *creds, unsigned char *buf)
{
char *p, *s;
return (uuencode((unsigned char *)temp, len, (char *)buf));
}
-int
+int
radix_to_creds(const char *buf, CREDENTIALS *creds)
{
/*
- *
+ *
* readconf.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Apr 22 00:03:10 1995 ylo
- *
+ *
* Functions for reading the configuration files.
- *
+ *
*/
#include "includes.h"
* error.
*/
-void
+void
add_local_forward(Options *options, u_short port, const char *host,
u_short host_port)
{
* an error.
*/
-void
+void
add_remote_forward(Options *options, u_short port, const char *host,
u_short host_port)
{
* returns if the token is not known.
*/
-static OpCodes
+static OpCodes
parse_token(const char *cp, const char *filename, int linenum)
{
unsigned int i;
* there is an error. If the file does not exist, this returns immediately.
*/
-void
+void
read_config_file(const char *filename, const char *host, Options *options)
{
FILE *f;
* system config file. Last, fill_default_options is called.
*/
-void
+void
initialize_options(Options * options)
{
memset(options, 'X', sizeof(*options));
* options for which no value has been specified with their default values.
*/
-void
+void
fill_default_options(Options * options)
{
if (options->forward_agent == -1)
/*
- *
+ *
* readconf.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Apr 22 00:25:29 1995 ylo
- *
+ *
* Functions for reading the configuration file.
- *
+ *
*/
/* RCSID("$Id$"); */
* only sets those values that have not already been set. Returns 0 for legal
* options
*/
-int
+int
process_config_line(Options * options, const char *host,
char *line, const char *filename, int linenum,
int *activep);
* should already be initialized before this call. This never returns if
* there is an error. If the file does not exist, this returns immediately.
*/
-void
+void
read_config_file(const char *filename, const char *host,
Options * options);
* Adds a local TCP/IP port forward to options. Never returns if there is an
* error.
*/
-void
+void
add_local_forward(Options * options, u_short port, const char *host,
u_short host_port);
* Adds a remote TCP/IP port forward to options. Never returns if there is
* an error.
*/
-void
+void
add_remote_forward(Options * options, u_short port, const char *host,
u_short host_port);
sigset_t oset, nset;
struct sigaction sa, osa;
int input, output, echo = 0;
-
+
if (from_stdin) {
input = STDIN_FILENO;
output = STDERR_FILENO;
/*
- *
+ *
* rsa.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 3 22:07:06 1995 ylo
- *
+ *
* Description of the RSA algorithm can be found e.g. from the following sources:
- *
+ *
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994.
- *
+ *
* Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
* Computer Security. Prentice-Hall, 1989.
- *
+ *
* Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill,
* 1994.
- *
+ *
* R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
* System and Method. US Patent 4,405,829, 1983.
- *
+ *
* Hans Riesel: Prime Numbers and Computer Methods for Factorization.
* Birkhauser, 1994.
- *
+ *
* The RSA Frequently Asked Questions document by RSA Data Security, Inc., 1995.
- *
+ *
* RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as included
* below:
- *
+ *
* [gone - had to be deleted - what a pity]
- *
+ *
*/
#include "includes.h"
/*
- *
+ *
* rsa.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 3 22:01:06 1995 ylo
- *
+ *
* RSA key generation, encryption and decryption.
- *
+ *
*/
/* RCSID("$Id$"); */
/*
- *
+ *
* scp - secure remote copy. This is basically patched BSD rcp which uses ssh
* to do the data transfer (instead of using rcmd).
- *
+ *
* NOTE: This version should NOT be suid root. (This uses ssh to do the transfer
* and ssh has the necessary privileges.)
- *
+ *
* 1995 Timo Rinne <tri@iki.fi>, Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
*/
/*
* assigns the input and output file descriptors on success.
*/
-int
+int
do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
{
int pin[2], pout[2], reserved[2];
return 0;
}
-void
+void
fatal(const char *fmt,...)
{
va_list ap;
switch (ch) {
/* User-visible flags. */
case '4':
- IPv4 = 1;
+ IPv4 = 1;
break;
case '6':
- IPv6 = 1;
+ IPv6 = 1;
break;
case 'p':
pflag = 1;
/*
- *
+ *
* servconf.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Aug 21 15:48:58 1995 ylo
- *
+ *
*/
#include "includes.h"
/* Initializes the server options to their default values. */
-void
+void
initialize_server_options(ServerOptions *options)
{
memset(options, 0, sizeof(*options));
options->protocol = SSH_PROTO_UNKNOWN;
}
-void
+void
fill_default_server_options(ServerOptions *options)
{
if (options->num_ports == 0)
* returns if the token is not known.
*/
-static ServerOpCodes
+static ServerOpCodes
parse_token(const char *cp, const char *filename,
int linenum)
{
/*
* add listen address
*/
-void
+void
add_listen_addr(ServerOptions *options, char *addr)
{
extern int IPv4or6;
/* Reads the server configuration file. */
-void
+void
read_server_config(ServerOptions *options, const char *filename)
{
FILE *f;
"ListenAdress.\n", filename, linenum);
if (options->num_ports >= MAX_PORTS)
fatal("%s line %d: too many ports.\n",
- filename, linenum);
+ filename, linenum);
cp = strtok(NULL, WHITESPACE);
if (!cp)
fatal("%s line %d: missing port number.\n",
/*
- *
+ *
* servconf.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Aug 21 15:35:03 1995 ylo
- *
+ *
* Definitions for server configuration data and for the functions reading it.
- *
+ *
*/
/* RCSID("$Id$"); */
void server_init_dispatch(void);
-void
+void
sigchld_handler(int sig)
{
int save_errno = errno;
signal(SIGCHLD, sigchld_handler);
errno = save_errno;
}
-void
+void
sigchld_handler2(int sig)
{
int save_errno = errno;
* Make packets from buffered stderr data, and buffer it for sending
* to the client.
*/
-void
+void
make_packets_from_stderr_data()
{
int len;
* Make packets from buffered stdout data, and buffer it for sending to the
* client.
*/
-void
+void
make_packets_from_stdout_data()
{
int len;
* have data or can accept data. Optionally, a maximum time can be specified
* for the duration of the wait (0 = infinite).
*/
-void
+void
wait_until_can_do_something(fd_set * readset, fd_set * writeset,
unsigned int max_time_milliseconds)
{
* Processes input from the client and the program. Input data is stored
* in buffers and processed later.
*/
-void
+void
process_input(fd_set * readset)
{
int len;
/*
* Sends data from internal buffers to client program stdin.
*/
-void
+void
process_output(fd_set * writeset)
{
int len;
* Wait until all buffered output has been sent to the client.
* This is used when the program terminates.
*/
-void
+void
drain_output()
{
/* Send any buffered stdout data to the client. */
packet_write_wait();
}
-void
+void
process_buffered_input_packets()
{
dispatch_run(DISPATCH_NONBLOCK, NULL);
* stdin (of the child program), and reads from stdout and stderr (of the
* child program).
*/
-void
+void
server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg)
{
int wait_status, wait_pid; /* Status and pid returned by wait(). */
/* NOTREACHED */
}
-void
+void
server_loop2(void)
{
fd_set readset, writeset;
input_direct_tcpip(void)
{
int sock;
- char *host, *originator;
- int host_port, originator_port;
+ char *target, *originator;
+ int target_port, originator_port;
- host = packet_get_string(NULL);
- host_port = packet_get_int();
+ target = packet_get_string(NULL);
+ target_port = packet_get_int();
originator = packet_get_string(NULL);
originator_port = packet_get_int();
+ packet_done();
/* XXX check permission */
- sock = channel_connect_to(host, host_port);
- xfree(host);
+ sock = channel_connect_to(target, target_port);
+ xfree(target);
xfree(originator);
if (sock < 0)
return -1;
sock, sock, -1, 4*1024, 32*1024, 0, xstrdup("direct-tcpip"));
}
-void
+void
server_input_channel_open(int type, int plen)
{
Channel *c = NULL;
if (strcmp(ctype, "session") == 0) {
debug("open session");
+ packet_done();
/*
* A server session has no fd to read or write
* until a CHANNEL_REQUEST for a shell is made,
xfree(ctype);
}
-void
+void
server_init_dispatch_20()
{
debug("server_init_dispatch_20");
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
}
-void
+void
server_init_dispatch_13()
{
debug("server_init_dispatch_13");
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
}
-void
+void
server_init_dispatch_15()
{
server_init_dispatch_13();
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
}
-void
+void
server_init_dispatch()
{
if (compat20)
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.4 2000/04/14 10:30:33 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
* Function to perform cleanup if we get aborted abnormally (e.g., due to a
* dropped connection).
*/
-void
+void
pty_cleanup_proc(void *session)
{
Session *s=session;
* terminals are allocated, X11, TCP/IP, and authentication agent forwardings
* are requested, etc.
*/
-void
+void
do_authenticated(struct passwd * pw)
{
Session *s;
* will call do_child from the child, and server_loop from the parent after
* setting up file descriptors and such.
*/
-void
+void
do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
{
int pid;
* setting up file descriptors, controlling tty, updating wtmp, utmp,
* lastlog, and other such operations.
*/
-void
+void
do_exec_pty(Session *s, const char *command, struct passwd * pw)
{
FILE *f;
* Sets the value of the given variable in the environment. If the variable
* already exists, its value is overriden.
*/
-void
+void
child_set_env(char ***envp, unsigned int *envsizep, const char *name,
const char *value)
{
* Otherwise, it must consist of empty lines, comments (line starts with '#')
* and assignments of the form name=value. No other forms are allowed.
*/
-void
+void
read_environment_file(char ***env, unsigned int *envsize,
const char *filename)
{
* environment, closing extra file descriptors, setting the user and group
* ids, and executing the command or shell.
*/
-void
+void
do_child(const char *command, struct passwd * pw, const char *term,
const char *display, const char *auth_proto,
const char *auth_data, const char *ttyname)
s->row = packet_get_int();
s->xpixel = packet_get_int();
s->ypixel = packet_get_int();
+ packet_done();
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
return 1;
}
session_pty_req(Session *s)
{
unsigned int len;
+ char *term_modes; /* encoded terminal modes */
if (s->ttyfd != -1)
- return -1;
+ return 0;
s->term = packet_get_string(&len);
s->col = packet_get_int();
s->row = packet_get_int();
s->xpixel = packet_get_int();
s->ypixel = packet_get_int();
+ term_modes = packet_get_string(&len);
+ packet_done();
if (strcmp(s->term, "") == 0) {
xfree(s->term);
s->ptyfd = -1;
s->ttyfd = -1;
error("session_pty_req: session %d alloc failed", s->self);
- return -1;
+ xfree(term_modes);
+ return 0;
}
debug("session_pty_req: session %d alloc %s", s->self, s->tty);
/*
-/* $OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $");
#include "ssh.h"
#include "rsa.h"
}
}
-void
+void
after_select(fd_set *readset, fd_set *writeset)
{
unsigned int i;
}
signal(SIGINT, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
- signal(SIGHUP, cleanup_exit);
- signal(SIGTERM, cleanup_exit);
+ signal(SIGHUP, cleanup_exit);
+ signal(SIGTERM, cleanup_exit);
while (1) {
FD_ZERO(&readset);
FD_ZERO(&writeset);
if (identity_comment) {
strlcpy(comment, identity_comment, sizeof(comment));
} else {
- /* Create default commend field for the passphrase. */
+ /* Create default commend field for the passphrase. */
if (gethostname(hostname, sizeof(hostname)) < 0) {
perror("gethostname");
exit(1);
.Op Ar command
.Pp
.Nm ssh
-.Op Fl afgknqtvxCPX46
+.Op Fl afgknqtvxCPX246
.Op Fl c Ar blowfish | 3des
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when
logging in as root on the remote machine.
+.It Fl 2
+Forces
+.Nm
+to use protocol version 2 only.
.It Fl 4
Forces
.Nm
fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");
fprintf(stderr, " -4 Use IPv4 only.\n");
fprintf(stderr, " -6 Use IPv6 only.\n");
+ fprintf(stderr, " -2 Force protocol version 2.\n");
fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n");
exit(1);
}
if (host)
break;
if ((cp = strchr(av[optind], '@'))) {
- if(cp == av[optind])
- usage();
+ if(cp == av[optind])
+ usage();
options.user = av[optind];
*cp = '\0';
host = ++cp;
optarg = NULL;
}
switch (opt) {
+ case '2':
+ options.protocol = SSH_PROTO_2;
+ break;
case '4':
IPv4or6 = AF_INET;
break;
-
case '6':
IPv4or6 = AF_INET6;
break;
-
case 'n':
stdin_null_flag = 1;
break;
-
case 'f':
fork_after_authentication_flag = 1;
stdin_null_flag = 1;
break;
-
case 'x':
options.forward_x11 = 0;
break;
-
case 'X':
options.forward_x11 = 1;
break;
-
case 'g':
options.gateway_ports = 1;
break;
-
case 'P':
options.use_privileged_port = 0;
break;
-
case 'a':
options.forward_agent = 0;
break;
options.identity_files[options.num_identity_files++] =
xstrdup(optarg);
break;
-
case 't':
tty_flag = 1;
break;
-
case 'v':
case 'V':
fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG;
break;
-
case 'q':
options.log_level = SYSLOG_LEVEL_QUIET;
break;
-
case 'e':
if (optarg[0] == '^' && optarg[2] == 0 &&
(unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128)
exit(1);
}
break;
-
case 'c':
options.cipher = cipher_number(optarg);
if (options.cipher == -1) {
exit(1);
}
break;
-
case 'p':
options.port = atoi(optarg);
break;
-
case 'l':
options.user = optarg;
break;
-
case 'R':
if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
&fwd_host_port) != 3 &&
}
add_remote_forward(&options, fwd_port, buf, fwd_host_port);
break;
-
case 'L':
if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
&fwd_host_port) != 3 &&
}
add_local_forward(&options, fwd_port, buf, fwd_host_port);
break;
-
case 'C':
options.compression = 1;
break;
-
case 'N':
no_shell_flag = 1;
no_tty_flag = 1;
break;
-
case 'T':
no_tty_flag = 1;
break;
-
case 'o':
dummy = 1;
if (process_config_line(&options, host ? host : "", optarg,
"command-line", 0, &dummy) != 0)
exit(1);
break;
-
default:
usage();
}
/* Expand ~ in known host file names. */
options.system_hostfile = tilde_expand_filename(options.system_hostfile,
- original_real_uid);
+ original_real_uid);
options.user_hostfile = tilde_expand_filename(options.user_hostfile,
original_real_uid);
options.local_forwards[i].host,
options.local_forwards[i].host_port);
channel_request_local_forwarding(options.local_forwards[i].port,
- options.local_forwards[i].host,
+ options.local_forwards[i].host,
options.local_forwards[i].host_port,
options.gateway_ports);
}
options.remote_forwards[i].host_port);
channel_request_remote_forwarding(options.remote_forwards[i].port,
options.remote_forwards[i].host,
- options.remote_forwards[i].host_port);
+ options.remote_forwards[i].host_port);
}
/* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ if (fork_after_authentication_flag)
if (daemon(1, 1) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
options.local_forwards[i].host,
options.local_forwards[i].host_port);
channel_request_local_forwarding(options.local_forwards[i].port,
- options.local_forwards[i].host,
+ options.local_forwards[i].host,
options.local_forwards[i].host_port,
options.gateway_ports);
}
/*
- *
+ *
* ssh.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 17:09:37 1995 ylo
- *
+ *
* Generic header file for ssh.
- *
+ *
*/
/* RCSID("$Id$"); */
* information is not available. This must be called before record_login.
* The host from which the user logged in is stored in buf.
*/
-unsigned long
+unsigned long
get_last_login_time(uid_t uid, const char *logname,
char *buf, unsigned int bufsize);
* Records that the user has logged in. This does many things normally done
* by login(1).
*/
-void
+void
record_login(int pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr *addr);
* and zero on failure. If the connection is successful, this calls
* packet_set_connection for the connection.
*/
-int
+int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
u_short port, int connection_attempts,
int anonymous, uid_t original_real_uid,
* references from the packet module).
*/
-void
+void
ssh_login(int host_key_valid, RSA * host_key, const char *host,
struct sockaddr * hostaddr, uid_t original_real_uid);
* Tries to authenticate the user using the .rhosts file and the host using
* its host key. Returns true if authentication succeeds.
*/
-int
+int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
/*
* precede the key to provide identification of the key without needing a
* passphrase.
*/
-int
+int
save_private_key(const char *filename, const char *passphrase,
RSA * private_key, const char *comment);
* comment of the key is returned in comment_return if it is non-NULL; the
* caller must free the value with xfree.
*/
-int
+int
load_public_key(const char *filename, RSA * pub,
char **comment_return);
* comment_return if it is non-NULL; the caller must free the value with
* xfree.
*/
-int
+int
load_private_key(const char *filename, const char *passphrase,
RSA * private_key, char **comment_return);
/*
- * draft-ietf-secsh-architecture-04.txt
+ * draft-ietf-secsh-architecture-04.txt
*
* Transport layer protocol:
- *
+ *
* 1-19 Transport layer generic (e.g. disconnect, ignore, debug,
* etc)
* 20-29 Algorithm negotiation
* 30-49 Key exchange method specific (numbers can be reused for
* different authentication methods)
- *
+ *
* User authentication protocol:
- *
+ *
* 50-59 User authentication generic
* 60-79 User authentication method specific (numbers can be reused
* for different authentication methods)
- *
+ *
* Connection protocol:
- *
+ *
* 80-89 Connection protocol generic
* 90-127 Channel related messages
- *
+ *
* Reserved for client protocols:
- *
+ *
* 128-191 Reserved
- *
+ *
* Local extensions:
- *
+ *
* 192-255 Local extensions
*/
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
debug("Trying again...");
/* Loop through addresses for this host, and try each one in
- sequence until the connection succeeds. */
+ sequence until the connection succeeds. */
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
host, ntop, strport);
/* Create a socket for connecting. */
- sock = ssh_create_socket(original_real_uid,
+ sock = ssh_create_socket(original_real_uid,
!anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
ai->ai_family);
if (sock < 0)
break;
}
/* FALLTHROUGH */
- default:
+ default:
mismatch = 1;
break;
}
debug("Sending KEX init.");
if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
} else if (
options.cipher == SSH_CIPHER_ARCFOUR ||
- options.cipher == SSH_CIPHER_3DES_CBC ||
- options.cipher == SSH_CIPHER_CAST128_CBC ||
- options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+ options.cipher == SSH_CIPHER_3DES_CBC ||
+ options.cipher == SSH_CIPHER_CAST128_CBC ||
+ options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
}
debug("first kex follow == %d", i);
i = packet_get_int();
debug("reserved == %d", i);
+ packet_done();
debug("done read kexinit");
kex = kex_choose_conf(cprop, sprop, 0);
fprintf(stderr, "\npub= ");
bignum_print(dh->pub_key);
fprintf(stderr, "\n");
- DHparams_print_fp(stderr, dh);
+ DHparams_print_fp(stderr, dh);
#endif
debug("Wait SSH2_MSG_KEXDH_REPLY.");
/* signed H */
signature = packet_get_string(&slen);
+ packet_done();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
debug("shared secret: len %d/%d", klen, kout);
- fprintf(stderr, "shared secret == ");
- for (i = 0; i< kout; i++)
- fprintf(stderr, "%02x", (kbuf[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "shared secret == ");
+ for (i = 0; i< kout; i++)
+ fprintf(stderr, "%02x", (kbuf[i])&0xff);
+ fprintf(stderr, "\n");
#endif
- shared_secret = BN_new();
+ shared_secret = BN_new();
- BN_bin2bn(kbuf, kout, shared_secret);
+ BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
xfree(client_kexinit);
xfree(server_kexinit);
#ifdef DEBUG_KEXDH
- fprintf(stderr, "hash == ");
- for (i = 0; i< 20; i++)
- fprintf(stderr, "%02x", (hash[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "hash == ");
+ for (i = 0; i< 20; i++)
+ fprintf(stderr, "%02x", (hash[i])&0xff);
+ fprintf(stderr, "\n");
#endif
dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);
key_free(server_host_key);
debug("Wait SSH2_MSG_NEWKEYS.");
packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+ packet_done();
debug("GOT SSH2_MSG_NEWKEYS.");
debug("send SSH2_MSG_NEWKEYS.");
char *server_user, *local_user;
char *auths;
char *password;
- char *service = "ssh-connection"; // service name
+ char *service = "ssh-connection"; /* service name */
debug("send SSH2_MSG_SERVICE_REQUEST");
packet_start(SSH2_MSG_SERVICE_REQUEST);
if (type != SSH2_MSG_SERVICE_ACCEPT) {
fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
}
- /* payload empty for ssh-2.0.13 ?? */
- /* reply = packet_get_string(&payload_len); */
+ if (packet_remaining() > 0) {
+ char *reply = packet_get_string(&plen);
+ debug("service_accept: %s", reply);
+ xfree(reply);
+ } else {
+ /* payload empty for ssh-2.0.13 ?? */
+ log("buggy server: service_accept w/o service");
+ }
+ packet_done();
debug("got SSH2_MSG_SERVICE_ACCEPT");
/*XX COMMONCODE: */
auths = packet_get_string(&dlen);
debug("authentications that can continue: %s", auths);
partial = packet_get_char();
+ packet_done();
if (partial)
debug("partial success");
if (strstr(auths, "password") == NULL)
packet_send();
packet_write_wait();
}
+ packet_done();
debug("ssh-userauth2 successfull");
}
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.104 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.105 2000/04/14 10:30:33 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
/* Name of the server configuration file. */
char *config_file_name = SERVER_CONFIG_FILE;
-/*
+/*
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
* Default value is AF_UNSPEC means both IPv4 and IPv6.
*/
* the effect is to reread the configuration file (and to regenerate
* the server key).
*/
-void
+void
sighup_handler(int sig)
{
received_sighup = 1;
* Called from the main program after receiving SIGHUP.
* Restarts the server.
*/
-void
+void
sighup_restart()
{
log("Received SIGHUP; restarting.");
* These close the listen socket; not closing it seems to cause "Address
* already in use" problems on some machines, which is inconvenient.
*/
-void
+void
sigterm_handler(int sig)
{
log("Received signal %d; terminating.", sig);
* SIGCHLD handler. This is called whenever a child dies. This will then
* reap any zombies left by exited c.
*/
-void
+void
main_sigchld_handler(int sig)
{
int save_errno = errno;
/*
* Signal handler for the alarm after the login grace period has expired.
*/
-void
+void
grace_alarm_handler(int sig)
{
/* Close the connection. */
* Thus there should be no concurrency control/asynchronous execution
* problems.
*/
-void
+void
key_regeneration_alarm(int sig)
{
int save_errno = errno;
char *
chop(char *s)
{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
+ char *t = s;
+ while (*t) {
+ if(*t == '\n' || *t == '\r') {
+ *t = '\0';
+ return s;
+ }
+ t++;
+ }
+ return s;
}
*/
if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
&remote_major, &remote_minor, remote_version) != 3) {
- s = "Protocol mismatch.\n";
+ s = "Protocol mismatch.\n";
(void) atomicio(write, sock_out, s, strlen(s));
close(sock_in);
close(sock_out);
break;
}
/* FALLTHROUGH */
- default:
+ default:
mismatch = 1;
break;
}
for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
- fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
- fdset = (fd_set *)xmalloc(fdsetsz);
+ fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
+ fdset = (fd_set *)xmalloc(fdsetsz);
/*
* Stay listening for connections until the system crashes or
/* Get cipher type and check whether we accept this. */
cipher_type = packet_get_char();
- if (!(cipher_mask() & (1 << cipher_type)))
+ if (!(cipher_mask() & (1 << cipher_type)))
packet_disconnect("Warning: client selects unsupported cipher.");
/* Get check bytes from the packet. These must match those we
/* KEXINIT */
if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
xfree(client_kexinit);
xfree(server_kexinit);
#ifdef DEBUG_KEXDH
- fprintf(stderr, "hash == ");
- for (i = 0; i< 20; i++)
- fprintf(stderr, "%02x", (hash[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "hash == ");
+ for (i = 0; i< 20; i++)
+ fprintf(stderr, "%02x", (hash[i])&0xff);
+ fprintf(stderr, "\n");
#endif
/* sign H */
dsa_sign(server_host_key, &signature, &slen, hash, 20);
* Converts POSIX speed_t to a baud rate. The values of the
* constants for speed_t are not themselves portable.
*/
-static int
+static int
speed_to_baud(speed_t speed)
{
switch (speed) {
/*
* Converts a numeric baud rate to a POSIX speed_t.
*/
-static speed_t
+static speed_t
baud_to_speed(int baud)
{
switch (baud) {
* in a portable manner, and appends the modes to a packet
* being constructed.
*/
-void
+void
tty_make_modes(int fd)
{
struct termios tio;
* Decodes terminal modes for the terminal referenced by fd in a portable
* manner from a packet being read.
*/
-void
+void
tty_parse_modes(int fd, int *n_bytes_ptr)
{
struct termios tio;
/*
- *
+ *
* ttymodes.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* SGTTY stuff contributed by Janne Snabb <snabb@niksula.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Tue Mar 21 15:42:09 1995 ylo
- *
+ *
*/
/* RCSID("$Id$"); */
* Temporarily changes to the given uid. If the effective user
* id is not root, this does nothing. This call cannot be nested.
*/
-void
+void
temporarily_use_uid(uid_t uid)
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
/*
* Restores to the original uid.
*/
-void
+void
restore_uid()
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
* Permanently sets all uids to the given uid. This cannot be
* called while temporarily_use_uid is effective.
*/
-void
+void
permanently_set_uid(uid_t uid)
{
if (setuid(uid) < 0)
/*
- *
+ *
* uidswap.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Sep 9 01:43:15 1995 ylo
* Last modified: Sat Sep 9 02:34:04 1995 ylo
- *
+ *
*/
#ifndef UIDSWAP_H
return new_ptr;
}
-void
+void
xfree(void *ptr)
{
if (ptr == NULL)
/*
- *
+ *
* xmalloc.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 20 22:09:17 1995 ylo
- *
+ *
* Versions of malloc and friends that check their results, and never return
* failure (they call fatal if they encounter an error).
- *
+ *
*/
/* RCSID("$Id$"); */