- OpenBSD CVS updates.

[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
Damien Miller 2000-04-16 11:18:38 +10:00
parent 5d1705ecf9
commit 4af51306d9
67 changed files with 779 additions and 646 deletions


@ -1,3 +1,13 @@
20000415
- OpenBSD CVS updates.
[ssh.1 ssh.c]
- ssh -2
[auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
[session.c sshconnect.c]
- check payload for (illegal) extra data
[ALL]
whitespace cleanup
20000413 20000413
- INSTALL doc updates - INSTALL doc updates
- Merged OpenBSD updates to include paths. - Merged OpenBSD updates to include paths.


@ -11,7 +11,7 @@
#ifndef USE_PAM #ifndef USE_PAM
RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $"); RCSID("$Id: auth-passwd.c,v 1.17 2000/04/16 01:18:39 damien Exp $");
#include "packet.h" #include "packet.h"
#include "ssh.h" #include "ssh.h"


@ -15,7 +15,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $"); RCSID("$Id: auth-rh-rsa.c,v 1.10 2000/04/16 01:18:39 damien Exp $");
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <openssl/bn.h> #include <openssl/bn.h>


@ -16,7 +16,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $"); RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $");
#include "packet.h" #include "packet.h"
#include "ssh.h" #include "ssh.h"


@ -16,7 +16,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: auth-rsa.c,v 1.15 2000/04/13 02:26:35 damien Exp $"); RCSID("$Id: auth-rsa.c,v 1.16 2000/04/16 01:18:39 damien Exp $");
#include "rsa.h" #include "rsa.h"
#include "packet.h" #include "packet.h"
@ -244,7 +244,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
debug("%.100s, line %lu: bad key syntax", debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum); SSH_USER_PERMITTED_KEYS, linenum);
packet_send_debug("%.100s, line %lu: bad key syntax", packet_send_debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum); SSH_USER_PERMITTED_KEYS, linenum);
continue; continue;
} }
/* cp now points to the comment part. */ /* cp now points to the comment part. */


@ -1,7 +1,7 @@
#include "includes.h" #include "includes.h"
#ifdef SKEY #ifdef SKEY
RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $"); RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "packet.h" #include "packet.h"
@ -53,18 +53,18 @@ auth_skey_password(struct passwd * pw, const char *password)
*/ */
static u_int32_t static u_int32_t
hash_collapse(s) hash_collapse(s)
u_char *s; u_char *s;
{ {
int len, target; int len, target;
u_int32_t i; u_int32_t i;
if ((strlen(s) % sizeof(u_int32_t)) == 0) if ((strlen(s) % sizeof(u_int32_t)) == 0)
target = strlen(s); /* Multiple of 4 */ target = strlen(s); /* Multiple of 4 */
else else
target = strlen(s) - (strlen(s) % sizeof(u_int32_t)); target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
for (i = 0, len = 0; len < target; len += 4) for (i = 0, len = 0; len < target; len += 4)
i ^= ROUND(s + len); i ^= ROUND(s + len);
return i; return i;
} }

56
auth.c

@ -5,7 +5,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.2 2000/04/06 08:55:22 markus Exp $"); RCSID("$OpenBSD: auth.c,v 1.4 2000/04/14 10:30:29 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "rsa.h" #include "rsa.h"
@ -201,10 +201,10 @@ do_fake_authloop1(char *user)
packet_write_wait(); packet_write_wait();
continue; continue;
} else if (type == SSH_CMSG_AUTH_PASSWORD && } else if (type == SSH_CMSG_AUTH_PASSWORD &&
options.password_authentication && options.password_authentication &&
(password = packet_get_string(&dlen)) != NULL && (password = packet_get_string(&dlen)) != NULL &&
dlen == 5 && dlen == 5 &&
strncasecmp(password, "s/key", 5) == 0 ) { strncasecmp(password, "s/key", 5) == 0 ) {
packet_send_debug(skeyinfo); packet_send_debug(skeyinfo);
} }
if (password != NULL) if (password != NULL)
@ -457,20 +457,20 @@ do_authloop(struct passwd * pw)
break; break;
} }
/* /*
* Check if the user is logging in as root and root logins * Check if the user is logging in as root and root logins
* are disallowed. * are disallowed.
* Note that root login is allowed for forced commands. * Note that root login is allowed for forced commands.
*/ */
if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) { if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
if (forced_command) { if (forced_command) {
log("Root login accepted for forced command."); log("Root login accepted for forced command.");
} else { } else {
authenticated = 0; authenticated = 0;
log("ROOT LOGIN REFUSED FROM %.200s", log("ROOT LOGIN REFUSED FROM %.200s",
get_canonical_hostname()); get_canonical_hostname());
} }
} }
/* Raise logging level */ /* Raise logging level */
if (authenticated || if (authenticated ||
@ -685,6 +685,7 @@ input_service_request(int type, int plen)
unsigned int len; unsigned int len;
int accept = 0; int accept = 0;
char *service = packet_get_string(&len); char *service = packet_get_string(&len);
packet_done();
if (strcmp(service, "ssh-userauth") == 0) { if (strcmp(service, "ssh-userauth") == 0) {
if (!userauth_success) { if (!userauth_success) {
@ -727,6 +728,7 @@ input_userauth_request(int type, int plen)
pw = auth_set_user(user, service); pw = auth_set_user(user, service);
if (pw && strcmp(service, "ssh-connection")==0) { if (pw && strcmp(service, "ssh-connection")==0) {
if (strcmp(method, "none") == 0 && try == 1) { if (strcmp(method, "none") == 0 && try == 1) {
packet_done();
#ifdef USE_PAM #ifdef USE_PAM
/* Do PAM auth with password */ /* Do PAM auth with password */
authenticated = auth_pam_password(pw, ""); authenticated = auth_pam_password(pw, "");
@ -740,6 +742,7 @@ input_userauth_request(int type, int plen)
if (c) if (c)
debug("password change not supported"); debug("password change not supported");
password = packet_get_string(&len); password = packet_get_string(&len);
packet_done();
#ifdef USE_PAM #ifdef USE_PAM
/* Do PAM auth with password */ /* Do PAM auth with password */
authenticated = auth_pam_password(pw, password); authenticated = auth_pam_password(pw, password);
@ -751,11 +754,19 @@ input_userauth_request(int type, int plen)
xfree(password); xfree(password);
} else if (strcmp(method, "publickey") == 0) { } else if (strcmp(method, "publickey") == 0) {
/* XXX TODO */ /* XXX TODO */
char *pkalg; char *pkalg, *pkblob, *sig;
char *pkblob; int have_sig = packet_get_char();
c = packet_get_char();
pkalg = packet_get_string(&len); pkalg = packet_get_string(&len);
pkblob = packet_get_string(&len); pkblob = packet_get_string(&len);
if (have_sig) {
sig = packet_get_string(&len);
/* test for correct signature */
packet_done();
xfree(sig);
} else {
packet_done();
/* test whether pkalg/pkblob are acceptable */
}
xfree(pkalg); xfree(pkalg);
xfree(pkblob); xfree(pkblob);
} }
@ -764,7 +775,6 @@ input_userauth_request(int type, int plen)
if (authenticated) { if (authenticated) {
/* turn off userauth */ /* turn off userauth */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
/* success! */
packet_start(SSH2_MSG_USERAUTH_SUCCESS); packet_start(SSH2_MSG_USERAUTH_SUCCESS);
packet_send(); packet_send();
packet_write_wait(); packet_write_wait();
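Review bot: In the `publickey` branch of input_userauth_request, the `have_sig` path puts its verification placeholder ahead of `packet_done()`, while the else path checks for trailing payload first; once the signature test is filled in, it would run on a packet that has not yet been checked for extra data. Reordering to `sig = packet_get_string(&len); packet_done(); /* test for correct signature */` keeps both paths consistent. Every `packet_get_string(&len)` call in this branch also writes to the same `len`, so the lengths of `pkalg` and `pkblob` are already overwritten by the time a check could use them; separate length variables will be needed. The function body starts and ends outside the visible hunks.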


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: authfd.c,v 1.11 2000/04/13 02:26:35 damien Exp $"); RCSID("$Id: authfd.c,v 1.12 2000/04/16 01:18:40 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "rsa.h" #include "rsa.h"


@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: authfd.h,v 1.4 1999/11/25 00:54:58 damien Exp $"); */ /* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
#ifndef AUTHFD_H #ifndef AUTHFD_H
#define AUTHFD_H #define AUTHFD_H


@ -15,7 +15,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: authfile.c,v 1.9 2000/04/13 02:26:36 damien Exp $"); RCSID("$Id: authfile.c,v 1.10 2000/04/16 01:18:40 damien Exp $");
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <openssl/bn.h> #include <openssl/bn.h>


@ -17,7 +17,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: bufaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $"); RCSID("$Id: bufaux.c,v 1.11 2000/04/16 01:18:40 damien Exp $");
#include "ssh.h" #include "ssh.h"


@ -11,7 +11,7 @@
* *
*/ */
/* RCSID("$Id: bufaux.h,v 1.4 2000/04/01 01:09:23 damien Exp $"); */ /* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
#ifndef BUFAUX_H #ifndef BUFAUX_H
#define BUFAUX_H #define BUFAUX_H


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $"); RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "buffer.h" #include "buffer.h"


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: canohost.c,v 1.8 2000/03/11 09:45:41 damien Exp $"); RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $");
#include "packet.h" #include "packet.h"
#include "xmalloc.h" #include "xmalloc.h"


@ -17,7 +17,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: channels.c,v 1.24 2000/04/12 10:17:38 damien Exp $"); RCSID("$Id: channels.c,v 1.25 2000/04/16 01:18:41 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "packet.h" #include "packet.h"
@ -540,8 +540,10 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
packet_put_int(newch); packet_put_int(newch);
packet_put_int(c->local_window_max); packet_put_int(c->local_window_max);
packet_put_int(c->local_maxpacket); packet_put_int(c->local_maxpacket);
/* target host and port */
packet_put_string(c->path, strlen(c->path)); packet_put_string(c->path, strlen(c->path));
packet_put_int(c->host_port); packet_put_int(c->host_port);
/* originator host and port */
packet_put_cstring(remote_hostname); packet_put_cstring(remote_hostname);
packet_put_int(remote_port); packet_put_int(remote_port);
packet_send(); packet_send();
@ -934,6 +936,7 @@ channel_input_data(int type, int plen)
/* Get the data. */ /* Get the data. */
data = packet_get_string(&data_len); data = packet_get_string(&data_len);
packet_done();
if (compat20){ if (compat20){
if (data_len > c->local_maxpacket) { if (data_len > c->local_maxpacket) {
@ -980,6 +983,7 @@ channel_input_extended_data(int type, int plen)
return; return;
} }
data = packet_get_string(&data_len); data = packet_get_string(&data_len);
packet_done();
if (data_len > c->local_window) { if (data_len > c->local_window) {
log("channel %d: rcvd too much extended_data %d, win %d", log("channel %d: rcvd too much extended_data %d, win %d",
c->self, data_len, c->local_window); c->self, data_len, c->local_window);
@ -1093,6 +1097,7 @@ channel_input_close_confirmation(int type, int plen)
int id = packet_get_int(); int id = packet_get_int();
Channel *c = channel_lookup(id); Channel *c = channel_lookup(id);
packet_done();
if (c == NULL) if (c == NULL)
packet_disconnect("Received close confirmation for " packet_disconnect("Received close confirmation for "
"out-of-range channel %d.", id); "out-of-range channel %d.", id);
@ -1125,6 +1130,7 @@ channel_input_open_confirmation(int type, int plen)
if (compat20) { if (compat20) {
c->remote_window = packet_get_int(); c->remote_window = packet_get_int();
c->remote_maxpacket = packet_get_int(); c->remote_maxpacket = packet_get_int();
packet_done();
if (c->cb_fn != NULL && c->cb_event == type) { if (c->cb_fn != NULL && c->cb_event == type) {
debug("callback start"); debug("callback start");
c->cb_fn(c->self, c->cb_arg); c->cb_fn(c->self, c->cb_arg);
@ -1153,8 +1159,11 @@ channel_input_open_failure(int type, int plen)
if (compat20) { if (compat20) {
int reason = packet_get_int(); int reason = packet_get_int();
char *msg = packet_get_string(NULL); char *msg = packet_get_string(NULL);
char *lang = packet_get_string(NULL);
log("channel_open_failure: %d: reason %d: %s", id, reason, msg); log("channel_open_failure: %d: reason %d: %s", id, reason, msg);
packet_done();
xfree(msg); xfree(msg);
xfree(lang);
} }
/* Free the channel. This will also close the socket. */ /* Free the channel. This will also close the socket. */
channel_free(id); channel_free(id);
@ -1204,6 +1213,7 @@ channel_input_window_adjust(int type, int plen)
return; return;
} }
adjust = packet_get_int(); adjust = packet_get_int();
packet_done();
debug("channel %d: rcvd adjust %d", id, adjust); debug("channel %d: rcvd adjust %d", id, adjust);
c->remote_window += adjust; c->remote_window += adjust;
} }
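Review bot: In channel_input_open_failure the peer-supplied `msg` is written to the log before `packet_done()` runs, so a packet carrying unexpected trailing data still gets its message logged ahead of the integrity check. Calling `packet_done();` directly after `char *lang = packet_get_string(NULL);` would match the parse-then-check placement used by the other handlers touched in this file. The `%s` used for `msg` is also unbounded, whereas other log calls visible in this commit use a width such as `%.200s`; a bound here would limit how much a remote peer can push into the log. The function body starts outside the hunk.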


@ -1,4 +1,4 @@
/* RCSID("$Id: channels.h,v 1.6 2000/04/04 04:39:01 damien Exp $"); */ /* RCSID("$Id: channels.h,v 1.7 2000/04/16 01:18:41 damien Exp $"); */
#ifndef CHANNELS_H #ifndef CHANNELS_H
#define CHANNELS_H #define CHANNELS_H


@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: cipher.c,v 1.18 2000/04/13 02:26:36 damien Exp $"); RCSID("$Id: cipher.c,v 1.19 2000/04/16 01:18:41 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "cipher.h" #include "cipher.h"
@ -379,14 +379,14 @@ cipher_encrypt(CipherContext *context, unsigned char *dest,
case SSH_CIPHER_BLOWFISH: case SSH_CIPHER_BLOWFISH:
swap_bytes(src, dest, len); swap_bytes(src, dest, len);
BF_cbc_encrypt(dest, dest, len, BF_cbc_encrypt(dest, dest, len,
&context->u.bf.key, context->u.bf.iv, &context->u.bf.key, context->u.bf.iv,
BF_ENCRYPT); BF_ENCRYPT);
swap_bytes(dest, dest, len); swap_bytes(dest, dest, len);
break; break;
case SSH_CIPHER_BLOWFISH_CBC: case SSH_CIPHER_BLOWFISH_CBC:
BF_cbc_encrypt((void *)src, dest, len, BF_cbc_encrypt((void *)src, dest, len,
&context->u.bf.key, context->u.bf.iv, &context->u.bf.key, context->u.bf.iv,
BF_ENCRYPT); BF_ENCRYPT);
break; break;


@ -11,7 +11,7 @@
* *
*/ */
/* RCSID("$Id: cipher.h,v 1.10 2000/04/13 02:26:36 damien Exp $"); */ /* RCSID("$Id: cipher.h,v 1.11 2000/04/16 01:18:41 damien Exp $"); */
#ifndef CIPHER_H #ifndef CIPHER_H
#define CIPHER_H #define CIPHER_H


@ -16,7 +16,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: clientloop.c,v 1.10 2000/04/12 10:17:39 damien Exp $"); RCSID("$Id: clientloop.c,v 1.11 2000/04/16 01:18:41 damien Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
@ -1027,6 +1027,7 @@ client_input_channel_req(int id, void *arg)
} else if (strcmp(rtype, "exit-status") == 0) { } else if (strcmp(rtype, "exit-status") == 0) {
success = 1; success = 1;
exit_status = packet_get_int(); exit_status = packet_get_int();
packet_done();
} }
if (reply) { if (reply) {
packet_start(success ? packet_start(success ?


@ -28,7 +28,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: compat.c,v 1.7 2000/04/12 10:17:39 damien Exp $"); RCSID("$Id: compat.c,v 1.8 2000/04/16 01:18:42 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "packet.h" #include "packet.h"


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: compress.c,v 1.5 2000/04/01 01:09:24 damien Exp $"); RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "buffer.h" #include "buffer.h"


@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: compress.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */ /* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
#ifndef COMPRESS_H #ifndef COMPRESS_H
#define COMPRESS_H #define COMPRESS_H


@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: crc32.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */ /* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */
#ifndef CRC32_H #ifndef CRC32_H
#define CRC32_H #define CRC32_H

78
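--- /dev/null
+++ b/dispatch.c
@@ -0,0 +1,78 @@
+/*
+* Copyright (c) 2000 Markus Friedl. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by Markus Friedl.
+* 4. The name of the author may not be used to endorse or promote products
+* derived from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+#include "includes.h"
+RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $");
+#include "ssh.h"
+#include "dispatch.h"
+#include "packet.h"
+#define DISPATCH_MIN 0
+#define DISPATCH_MAX 255
+dispatch_fn *dispatch[DISPATCH_MAX];
+void
+dispatch_protocol_error(int type, int plen)
+{
+error("Hm, dispatch protocol error: type %d plen %d", type, plen);
+}
+void
+dispatch_init(dispatch_fn *dflt)
+{
+int i;
+for (i = 0; i < DISPATCH_MAX; i++)
+dispatch[i] = dflt;
+}
+void
+dispatch_set(int type, dispatch_fn *fn)
+{
+dispatch[type] = fn;
+}
+void
+dispatch_run(int mode, int *done)
+{
+for (;;) {
+int plen;
+int type;
+if (mode == DISPATCH_BLOCK) {
+type = packet_read(&plen);
+} else {
+type = packet_read_poll(&plen);
+if (type == SSH_MSG_NONE)
+return;
+}
+if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
+(*dispatch[type])(type, plen);
+else
+packet_disconnect("protocol error: rcvd type %d", type);
+if (done != NULL && *done)
+return;
+}
+}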
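Review bot: dispatch_set() stores into `dispatch[type]` with no range check, although the table has only DISPATCH_MAX (255) slots and dispatch_run() already guards its own index; a caller passing a type outside 0..254 would write outside the array. A guard such as `if (type < DISPATCH_MIN || type >= DISPATCH_MAX) fatal("dispatch_set: bad type %d", type);` would close that. Sizing the table at 255 entries also means message type 255 can never be registered or dispatched, and the `type > 0` test in dispatch_run() leaves DISPATCH_MIN unused. If 0..255 is the intended range, the array size and both comparisons should be adjusted together.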

8
dsa.c

@ -28,7 +28,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: dsa.c,v 1.3 2000/04/12 09:39:10 markus Exp $"); RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -182,9 +182,9 @@ dsa_sign(
sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
rlen = BN_num_bytes(sig->r); rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s); slen = BN_num_bytes(sig->s);
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
error("bad sig size %d %d", rlen, slen); error("bad sig size %d %d", rlen, slen);
DSA_SIG_free(sig); DSA_SIG_free(sig);
return -1; return -1;


@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: getput.h,v 1.2 1999/11/24 13:26:22 damien Exp $"); */ /* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */
#ifndef GETPUT_H #ifndef GETPUT_H
#define GETPUT_H #define GETPUT_H
@ -21,7 +21,7 @@
/*------------ macros for storing/extracting msb first words -------------*/ /*------------ macros for storing/extracting msb first words -------------*/
#define GET_32BIT(cp) (((unsigned long)(unsigned char)(cp)[0] << 24) | \ #define GET_32BIT(cp) (((unsigned long)(unsigned char)(cp)[0] << 24) | \
((unsigned long)(unsigned char)(cp)[1] << 16) | \ ((unsigned long)(unsigned char)(cp)[1] << 16) | \
((unsigned long)(unsigned char)(cp)[2] << 8) | \ ((unsigned long)(unsigned char)(cp)[2] << 8) | \
((unsigned long)(unsigned char)(cp)[3])) ((unsigned long)(unsigned char)(cp)[3]))


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: hostfile.c,v 1.15 2000/04/12 09:39:10 markus Exp $"); RCSID("$OpenBSD: hostfile.c,v 1.16 2000/04/14 10:30:31 markus Exp $");
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <openssl/bn.h> #include <openssl/bn.h>

12
kex.c

@ -28,7 +28,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: kex.c,v 1.4 2000/04/13 02:26:36 damien Exp $"); RCSID("$Id: kex.c,v 1.5 2000/04/16 01:18:43 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "ssh2.h" #include "ssh2.h"
@ -149,12 +149,12 @@ void
dump_digest(unsigned char *digest, int len) dump_digest(unsigned char *digest, int len)
{ {
int i; int i;
for (i = 0; i< len; i++){ for (i = 0; i< len; i++){
fprintf(stderr, "%02x", digest[i]); fprintf(stderr, "%02x", digest[i]);
if(i%2!=0) if(i%2!=0)
fprintf(stderr, " "); fprintf(stderr, " ");
} }
fprintf(stderr, "\n"); fprintf(stderr, "\n");
} }
unsigned char * unsigned char *
@ -201,7 +201,7 @@ kex_hash(
buffer_free(&b); buffer_free(&b);
#ifdef DEBUG_KEX #ifdef DEBUG_KEX
dump_digest(digest, evp_md->md_size); dump_digest(digest, evp_md->md_size);
#endif #endif
return digest; return digest;
} }
@ -345,7 +345,7 @@ choose_kex(Kex *k, char *client, char *server)
k->name = get_match(client, server); k->name = get_match(client, server);
if (k->name == NULL) if (k->name == NULL)
fatal("no kex alg"); fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) != 0) if (strcmp(k->name, KEX_DH1) != 0)
fatal("bad kex alg %s", k->name); fatal("bad kex alg %s", k->name);
} }
void void


@ -15,7 +15,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: log-client.c,v 1.5 2000/03/09 10:27:50 damien Exp $"); RCSID("$Id: log-client.c,v 1.6 2000/04/16 01:18:43 damien Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"


@ -15,7 +15,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: log-server.c,v 1.8 2000/04/01 01:09:24 damien Exp $"); RCSID("$Id: log-server.c,v 1.9 2000/04/16 01:18:43 damien Exp $");
#include <syslog.h> #include <syslog.h>
#include "packet.h" #include "packet.h"


@ -18,7 +18,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: login.c,v 1.22 2000/02/02 08:17:41 damien Exp $"); RCSID("$Id: login.c,v 1.23 2000/04/16 01:18:43 damien Exp $");
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
# include <utmpx.h> # include <utmpx.h>


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: match.c,v 1.4 2000/03/26 03:04:53 damien Exp $"); RCSID("$Id: match.c,v 1.5 2000/04/16 01:18:43 damien Exp $");
#include "ssh.h" #include "ssh.h"


@ -15,7 +15,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: mpaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $"); RCSID("$Id: mpaux.c,v 1.11 2000/04/16 01:18:43 damien Exp $");
#include "getput.h" #include "getput.h"
#include "xmalloc.h" #include "xmalloc.h"


@ -13,7 +13,7 @@
* precision integers. * precision integers.
*/ */
/* RCSID("$Id: mpaux.h,v 1.4 1999/11/25 00:54:59 damien Exp $"); */ /* RCSID("$Id: mpaux.h,v 1.5 2000/04/16 01:18:43 damien Exp $"); */
#ifndef MPAUX_H #ifndef MPAUX_H
#define MPAUX_H #define MPAUX_H


@ -28,7 +28,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: nchan.c,v 1.7 2000/04/04 04:39:02 damien Exp $"); RCSID("$Id: nchan.c,v 1.8 2000/04/16 01:18:43 damien Exp $");
#include "ssh.h" #include "ssh.h"


@ -17,7 +17,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: packet.c,v 1.17 2000/04/13 02:26:37 damien Exp $"); RCSID("$Id: packet.c,v 1.18 2000/04/16 01:18:43 damien Exp $");
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
# include <openssl/bn.h> # include <openssl/bn.h>
@ -529,7 +529,7 @@ packet_send2()
unsigned int packet_length = 0; unsigned int packet_length = 0;
unsigned int i, padlen, len; unsigned int i, padlen, len;
u_int32_t rand = 0; u_int32_t rand = 0;
static unsigned int seqnr = 0; static unsigned int seqnr = 0;
int type; int type;
Enc *enc = NULL; Enc *enc = NULL;
Mac *mac = NULL; Mac *mac = NULL;
@ -611,9 +611,9 @@ packet_send2()
fprintf(stderr, "encrypted: "); fprintf(stderr, "encrypted: ");
buffer_dump(&output); buffer_dump(&output);
#endif #endif
/* increment sequence number for outgoing packets */ /* increment sequence number for outgoing packets */
if (++seqnr == 0) if (++seqnr == 0)
log("outgoing seqnr wraps around"); log("outgoing seqnr wraps around");
buffer_clear(&outgoing_packet); buffer_clear(&outgoing_packet);
if (type == SSH2_MSG_NEWKEYS) { if (type == SSH2_MSG_NEWKEYS) {
@ -877,7 +877,7 @@ packet_read_poll2(int *payload_len_ptr)
* compute MAC over seqnr and packet, * compute MAC over seqnr and packet,
* increment sequence number for incoming packet * increment sequence number for incoming packet
*/ */
if (mac && mac->enabled) { if (mac && mac->enabled) {
macbuf = hmac( mac->md, seqnr, macbuf = hmac( mac->md, seqnr,
(unsigned char *) buffer_ptr(&incoming_packet), (unsigned char *) buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet), buffer_len(&incoming_packet),
@ -888,8 +888,8 @@ packet_read_poll2(int *payload_len_ptr)
DBG(debug("HMAC #%d ok", seqnr)); DBG(debug("HMAC #%d ok", seqnr));
buffer_consume(&input, mac->mac_len); buffer_consume(&input, mac->mac_len);
} }
if (++seqnr == 0) if (++seqnr == 0)
log("incoming seqnr wraps around"); log("incoming seqnr wraps around");
/* get padlen */ /* get padlen */
cp = buffer_ptr(&incoming_packet) + 4; cp = buffer_ptr(&incoming_packet) + 4;
@ -1063,6 +1063,12 @@ packet_get_raw(int *length_ptr)
return buffer_ptr(&incoming_packet); return buffer_ptr(&incoming_packet);
} }
int
packet_remaining(void)
{
return buffer_len(&incoming_packet);
}
/* /*
* Returns a string from the packet data. The string is allocated using * Returns a string from the packet data. The string is allocated using
* xmalloc; it is the responsibility of the calling program to free it when * xmalloc; it is the responsibility of the calling program to free it when


@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: packet.h,v 1.13 2000/04/13 02:26:37 damien Exp $"); */ /* RCSID("$Id: packet.h,v 1.14 2000/04/16 01:18:44 damien Exp $"); */
#ifndef PACKET_H #ifndef PACKET_H
#define PACKET_H #define PACKET_H
@ -201,6 +201,16 @@ do { \
} \ } \
} while (0) } while (0)
#define packet_done() \
do { \
int _len = packet_remaining(); \
if (_len > 0) { \
log("Packet integrity error (%d bytes remaining) at %s:%d", \
_len ,__FILE__, __LINE__); \
packet_disconnect("Packet integrity error."); \
} \
} while (0)
/* remote host is connected via a socket/ipv4 */ /* remote host is connected via a socket/ipv4 */
int packet_connection_is_on_socket(void); int packet_connection_is_on_socket(void);
int packet_connection_is_ipv4(void); int packet_connection_is_ipv4(void);
@ -208,4 +218,7 @@ int packet_connection_is_ipv4(void);
/* enable SSH2 packet format */ /* enable SSH2 packet format */
void packet_set_ssh2_format(void); void packet_set_ssh2_format(void);
/* returns remaining payload bytes */
int packet_remaining(void);
#endif /* PACKET_H */ #endif /* PACKET_H */
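Review bot: The new `packet_done()` macro has no comment stating its contract, even though it ends the connection and is now called from many handlers. A comment above the definition such as `/* Call after the last packet_get_*() of a message; logs and disconnects if unparsed payload bytes remain. */` would tell callers where it belongs. It should also say that call sites appear to rely on `packet_disconnect()` not returning, since the handlers visible in this commit go on to use the parsed fields immediately after the macro.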

2
pty.c

@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: pty.c,v 1.17 2000/03/17 12:58:59 damien Exp $"); RCSID("$Id: pty.c,v 1.18 2000/04/16 01:18:44 damien Exp $");
#ifdef HAVE_UTIL_H #ifdef HAVE_UTIL_H
# include <util.h> # include <util.h>

2
pty.h

@ -13,7 +13,7 @@
* tty. * tty.
*/ */
/* RCSID("$Id: pty.h,v 1.7 2000/04/01 01:09:25 damien Exp $"); */ /* RCSID("$Id: pty.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */
#ifndef PTY_H #ifndef PTY_H
#define PTY_H #define PTY_H


@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: readconf.c,v 1.10 2000/04/12 10:17:40 damien Exp $"); RCSID("$Id: readconf.c,v 1.11 2000/04/16 01:18:44 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "cipher.h" #include "cipher.h"


@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: readconf.h,v 1.7 2000/04/12 10:17:40 damien Exp $"); */ /* RCSID("$Id: readconf.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */
#ifndef READCONF_H #ifndef READCONF_H
#define READCONF_H #define READCONF_H


@ -32,7 +32,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: readpass.c,v 1.5 2000/01/22 08:47:21 damien Exp $"); RCSID("$Id: readpass.c,v 1.6 2000/04/16 01:18:44 damien Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"

2
rsa.c

@ -35,7 +35,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: rsa.c,v 1.13 2000/04/04 04:57:08 damien Exp $"); RCSID("$Id: rsa.c,v 1.14 2000/04/16 01:18:45 damien Exp $");
#include "rsa.h" #include "rsa.h"
#include "ssh.h" #include "ssh.h"

2
rsa.h

@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: rsa.h,v 1.7 2000/04/13 02:26:37 damien Exp $"); */ /* RCSID("$Id: rsa.h,v 1.8 2000/04/16 01:18:45 damien Exp $"); */
#ifndef RSA_H #ifndef RSA_H
#define RSA_H #define RSA_H

8
scp.c

@ -45,7 +45,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $"); RCSID("$Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "xmalloc.h" #include "xmalloc.h"
@ -257,10 +257,10 @@ main(argc, argv)
switch (ch) { switch (ch) {
/* User-visible flags. */ /* User-visible flags. */
case '4': case '4':
IPv4 = 1; IPv4 = 1;
break; break;
case '6': case '6':
IPv6 = 1; IPv6 = 1;
break; break;
case 'p': case 'p':
pflag = 1; pflag = 1;
@ -1008,7 +1008,7 @@ run_err(const char *fmt,...)
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $ * $Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $
*/ */
char * char *


@ -12,7 +12,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: servconf.c,v 1.11 2000/04/12 10:17:40 damien Exp $"); RCSID("$Id: servconf.c,v 1.12 2000/04/16 01:18:45 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "servconf.h" #include "servconf.h"
@ -310,7 +310,7 @@ read_server_config(ServerOptions *options, const char *filename)
"ListenAdress.\n", filename, linenum); "ListenAdress.\n", filename, linenum);
if (options->num_ports >= MAX_PORTS) if (options->num_ports >= MAX_PORTS)
fatal("%s line %d: too many ports.\n", fatal("%s line %d: too many ports.\n",
filename, linenum); filename, linenum);
cp = strtok(NULL, WHITESPACE); cp = strtok(NULL, WHITESPACE);
if (!cp) if (!cp)
fatal("%s line %d: missing port number.\n", fatal("%s line %d: missing port number.\n",


@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: servconf.h,v 1.8 2000/04/12 10:17:40 damien Exp $"); */ /* RCSID("$Id: servconf.h,v 1.9 2000/04/16 01:18:45 damien Exp $"); */
#ifndef SERVCONF_H #ifndef SERVCONF_H
#define SERVCONF_H #define SERVCONF_H


@ -697,16 +697,17 @@ int
input_direct_tcpip(void) input_direct_tcpip(void)
{ {
int sock; int sock;
char *host, *originator; char *target, *originator;
int host_port, originator_port; int target_port, originator_port;
host = packet_get_string(NULL); target = packet_get_string(NULL);
host_port = packet_get_int(); target_port = packet_get_int();
originator = packet_get_string(NULL); originator = packet_get_string(NULL);
originator_port = packet_get_int(); originator_port = packet_get_int();
packet_done();
/* XXX check permission */ /* XXX check permission */
sock = channel_connect_to(host, host_port); sock = channel_connect_to(target, target_port);
xfree(host); xfree(target);
xfree(originator); xfree(originator);
if (sock < 0) if (sock < 0)
return -1; return -1;
@ -735,6 +736,7 @@ server_input_channel_open(int type, int plen)
if (strcmp(ctype, "session") == 0) { if (strcmp(ctype, "session") == 0) {
debug("open session"); debug("open session");
packet_done();
/* /*
* A server session has no fd to read or write * A server session has no fd to read or write
* until a CHANNEL_REQUEST for a shell is made, * until a CHANNEL_REQUEST for a shell is made,
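Review bot: In input_direct_tcpip the client-supplied `target` and `target_port` are still passed to `channel_connect_to()` with only the `/* XXX check permission */` marker in front of them. The added `packet_done()` checks the payload for extra data, but it does not decide whether this client may open that connection. Until a policy check exists, the function should at least refuse a `target_port` outside 1..65535 before connecting. It should also record the request before the two `xfree()` calls, for example `log("direct-tcpip: %.200s port %d requested from %.200s port %d", target, target_port, originator, originator_port);`, because `originator` is parsed and freed without being used in the visible lines. The function body continues past the end of the hunk.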


@ -8,7 +8,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: session.c,v 1.2 2000/04/06 08:55:22 markus Exp $"); RCSID("$OpenBSD: session.c,v 1.4 2000/04/14 10:30:33 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
@ -1202,6 +1202,7 @@ session_window_change_req(Session *s)
s->row = packet_get_int(); s->row = packet_get_int();
s->xpixel = packet_get_int(); s->xpixel = packet_get_int();
s->ypixel = packet_get_int(); s->ypixel = packet_get_int();
packet_done();
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
return 1; return 1;
} }
@ -1210,14 +1211,17 @@ int
session_pty_req(Session *s) session_pty_req(Session *s)
{ {
unsigned int len; unsigned int len;
char *term_modes; /* encoded terminal modes */
if (s->ttyfd != -1) if (s->ttyfd != -1)
return -1; return 0;
s->term = packet_get_string(&len); s->term = packet_get_string(&len);
s->col = packet_get_int(); s->col = packet_get_int();
s->row = packet_get_int(); s->row = packet_get_int();
s->xpixel = packet_get_int(); s->xpixel = packet_get_int();
s->ypixel = packet_get_int(); s->ypixel = packet_get_int();
term_modes = packet_get_string(&len);
packet_done();
if (strcmp(s->term, "") == 0) { if (strcmp(s->term, "") == 0) {
xfree(s->term); xfree(s->term);
@ -1230,7 +1234,8 @@ session_pty_req(Session *s)
s->ptyfd = -1; s->ptyfd = -1;
s->ttyfd = -1; s->ttyfd = -1;
error("session_pty_req: session %d alloc failed", s->self); error("session_pty_req: session %d alloc failed", s->self);
return -1; xfree(term_modes);
return 0;
} }
debug("session_pty_req: session %d alloc %s", s->self, s->tty); debug("session_pty_req: session %d alloc %s", s->self, s->tty);
/* /*
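Review bot: In session_pty_req the new `term_modes` string is released only on the allocation-failure path shown in the last hunk; the visible lines do not show it being applied or freed once the pty has been allocated. If the code past the hunk does not already do so, add `xfree(term_modes);` on the success path as well. The modes should also get their own length variable, because `packet_get_string(&len)` now overwrites the length read for `s->term`. The failure returns change from -1 to 0, so a one-line comment stating the return convention would help callers, e.g. `/* returns 1 on success, 0 on failure */` (inferred from session_window_change_req returning 1, so confirm against the caller). The function ends outside the hunk.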


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $ */ /* $OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -9,7 +9,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $"); RCSID("$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "rsa.h" #include "rsa.h"


@ -7,7 +7,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: ssh-keygen.c,v 1.12 2000/03/17 12:40:17 damien Exp $"); RCSID("$Id: ssh-keygen.c,v 1.13 2000/04/16 01:18:46 damien Exp $");
#include "rsa.h" #include "rsa.h"
#include "ssh.h" #include "ssh.h"
@ -508,7 +508,7 @@ passphrase_again:
if (identity_comment) { if (identity_comment) {
strlcpy(comment, identity_comment, sizeof(comment)); strlcpy(comment, identity_comment, sizeof(comment));
} else { } else {
/* Create default commend field for the passphrase. */ /* Create default commend field for the passphrase. */
if (gethostname(hostname, sizeof(hostname)) < 0) { if (gethostname(hostname, sizeof(hostname)) < 0) {
perror("gethostname"); perror("gethostname");
exit(1); exit(1);

8
ssh.1

@ -9,7 +9,7 @@
.\" .\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo .\" Created: Sat Apr 22 21:55:14 1995 ylo
.\" .\"
.\" $Id: ssh.1,v 1.21 2000/04/13 02:26:37 damien Exp $ .\" $Id: ssh.1,v 1.22 2000/04/16 01:18:46 damien Exp $
.\" .\"
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSH 1 .Dt SSH 1
@ -24,7 +24,7 @@
.Op Ar command .Op Ar command
.Pp .Pp
.Nm ssh .Nm ssh
.Op Fl afgknqtvxCPX46 .Op Fl afgknqtvxCPX246
.Op Fl c Ar blowfish | 3des .Op Fl c Ar blowfish | 3des
.Op Fl e Ar escape_char .Op Fl e Ar escape_char
.Op Fl i Ar identity_file .Op Fl i Ar identity_file
@ -455,6 +455,10 @@ from the local machine.
Port forwardings can also be specified in the configuration file. Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when Privileged ports can be forwarded only when
logging in as root on the remote machine. logging in as root on the remote machine.
.It Fl 2
Forces
.Nm
to use protocol version 2 only.
.It Fl 4 .It Fl 4
Forces Forces
.Nm .Nm

40
ssh.c

@ -11,7 +11,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: ssh.c,v 1.25 2000/04/12 10:17:40 damien Exp $"); RCSID("$Id: ssh.c,v 1.26 2000/04/16 01:18:46 damien Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
@ -138,6 +138,7 @@ usage()
fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n"); fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");
fprintf(stderr, " -4 Use IPv4 only.\n"); fprintf(stderr, " -4 Use IPv4 only.\n");
fprintf(stderr, " -6 Use IPv6 only.\n"); fprintf(stderr, " -6 Use IPv6 only.\n");
fprintf(stderr, " -2 Force protocol version 2.\n");
fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n"); fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n");
exit(1); exit(1);
} }
@ -251,8 +252,8 @@ main(int ac, char **av)
if (host) if (host)
break; break;
if ((cp = strchr(av[optind], '@'))) { if ((cp = strchr(av[optind], '@'))) {
if(cp == av[optind]) if(cp == av[optind])
usage(); usage();
options.user = av[optind]; options.user = av[optind];
*cp = '\0'; *cp = '\0';
host = ++cp; host = ++cp;
@ -276,39 +277,34 @@ main(int ac, char **av)
optarg = NULL; optarg = NULL;
} }
switch (opt) { switch (opt) {
case '2':
options.protocol = SSH_PROTO_2;
break;
case '4': case '4':
IPv4or6 = AF_INET; IPv4or6 = AF_INET;
break; break;
case '6': case '6':
IPv4or6 = AF_INET6; IPv4or6 = AF_INET6;
break; break;
case 'n': case 'n':
stdin_null_flag = 1; stdin_null_flag = 1;
break; break;
case 'f': case 'f':
fork_after_authentication_flag = 1; fork_after_authentication_flag = 1;
stdin_null_flag = 1; stdin_null_flag = 1;
break; break;
case 'x': case 'x':
options.forward_x11 = 0; options.forward_x11 = 0;
break; break;
case 'X': case 'X':
options.forward_x11 = 1; options.forward_x11 = 1;
break; break;
case 'g': case 'g':
options.gateway_ports = 1; options.gateway_ports = 1;
break; break;
case 'P': case 'P':
options.use_privileged_port = 0; options.use_privileged_port = 0;
break; break;
case 'a': case 'a':
options.forward_agent = 0; options.forward_agent = 0;
break; break;
@ -330,11 +326,9 @@ main(int ac, char **av)
options.identity_files[options.num_identity_files++] = options.identity_files[options.num_identity_files++] =
xstrdup(optarg); xstrdup(optarg);
break; break;
case 't': case 't':
tty_flag = 1; tty_flag = 1;
break; break;
case 'v': case 'v':
case 'V': case 'V':
fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n", fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
@ -347,11 +341,9 @@ main(int ac, char **av)
debug_flag = 1; debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG; options.log_level = SYSLOG_LEVEL_DEBUG;
break; break;
case 'q': case 'q':
options.log_level = SYSLOG_LEVEL_QUIET; options.log_level = SYSLOG_LEVEL_QUIET;
break; break;
case 'e': case 'e':
if (optarg[0] == '^' && optarg[2] == 0 && if (optarg[0] == '^' && optarg[2] == 0 &&
(unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128) (unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128)
@ -365,7 +357,6 @@ main(int ac, char **av)
exit(1); exit(1);
} }
break; break;
case 'c': case 'c':
options.cipher = cipher_number(optarg); options.cipher = cipher_number(optarg);
if (options.cipher == -1) { if (options.cipher == -1) {
@ -373,15 +364,12 @@ main(int ac, char **av)
exit(1); exit(1);
} }
break; break;
case 'p': case 'p':
options.port = atoi(optarg); options.port = atoi(optarg);
break; break;
case 'l': case 'l':
options.user = optarg; options.user = optarg;
break; break;
case 'R': case 'R':
if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
&fwd_host_port) != 3 && &fwd_host_port) != 3 &&
@ -393,7 +381,6 @@ main(int ac, char **av)
} }
add_remote_forward(&options, fwd_port, buf, fwd_host_port); add_remote_forward(&options, fwd_port, buf, fwd_host_port);
break; break;
case 'L': case 'L':
if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
&fwd_host_port) != 3 && &fwd_host_port) != 3 &&
@ -405,27 +392,22 @@ main(int ac, char **av)
} }
add_local_forward(&options, fwd_port, buf, fwd_host_port); add_local_forward(&options, fwd_port, buf, fwd_host_port);
break; break;
case 'C': case 'C':
options.compression = 1; options.compression = 1;
break; break;
case 'N': case 'N':
no_shell_flag = 1; no_shell_flag = 1;
no_tty_flag = 1; no_tty_flag = 1;
break; break;
case 'T': case 'T':
no_tty_flag = 1; no_tty_flag = 1;
break; break;
case 'o': case 'o':
dummy = 1; dummy = 1;
if (process_config_line(&options, host ? host : "", optarg, if (process_config_line(&options, host ? host : "", optarg,
"command-line", 0, &dummy) != 0) "command-line", 0, &dummy) != 0)
exit(1); exit(1);
break; break;
default: default:
usage(); usage();
} }
@ -634,7 +616,7 @@ main(int ac, char **av)
/* Expand ~ in known host file names. */ /* Expand ~ in known host file names. */
options.system_hostfile = tilde_expand_filename(options.system_hostfile, options.system_hostfile = tilde_expand_filename(options.system_hostfile,
original_real_uid); original_real_uid);
options.user_hostfile = tilde_expand_filename(options.user_hostfile, options.user_hostfile = tilde_expand_filename(options.user_hostfile,
original_real_uid); original_real_uid);
@ -803,7 +785,7 @@ ssh_session(void)
options.local_forwards[i].host, options.local_forwards[i].host,
options.local_forwards[i].host_port); options.local_forwards[i].host_port);
channel_request_local_forwarding(options.local_forwards[i].port, channel_request_local_forwarding(options.local_forwards[i].port,
options.local_forwards[i].host, options.local_forwards[i].host,
options.local_forwards[i].host_port, options.local_forwards[i].host_port,
options.gateway_ports); options.gateway_ports);
} }
@ -816,7 +798,7 @@ ssh_session(void)
options.remote_forwards[i].host_port); options.remote_forwards[i].host_port);
channel_request_remote_forwarding(options.remote_forwards[i].port, channel_request_remote_forwarding(options.remote_forwards[i].port,
options.remote_forwards[i].host, options.remote_forwards[i].host,
options.remote_forwards[i].host_port); options.remote_forwards[i].host_port);
} }
/* If requested, let ssh continue in the background. */ /* If requested, let ssh continue in the background. */
@ -859,7 +841,7 @@ init_local_fwd(void)
options.local_forwards[i].host, options.local_forwards[i].host,
options.local_forwards[i].host_port); options.local_forwards[i].host_port);
channel_request_local_forwarding(options.local_forwards[i].port, channel_request_local_forwarding(options.local_forwards[i].port,
options.local_forwards[i].host, options.local_forwards[i].host,
options.local_forwards[i].host_port, options.local_forwards[i].host_port,
options.gateway_ports); options.gateway_ports);
} }
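Review bot: The new `case '2'` sets `options.protocol = SSH_PROTO_2` during option parsing, but nothing in the visible hunks shows that the value survives later processing. A following `-o` line handled by `process_config_line()`, or the configuration files read further down in main, might assign `options.protocol` again. The manual page text added in this commit promises protocol version 2 only, so users will rely on the flag to rule out a fallback to protocol 1. I would document that on the case, `/* -2: protocol 2 only, must not be overridden by later config */`, and confirm the precedence in the part of main that lies outside these hunks.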

2
ssh.h

@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: ssh.h,v 1.31 2000/04/12 10:17:41 damien Exp $"); */ /* RCSID("$Id: ssh.h,v 1.32 2000/04/16 01:18:47 damien Exp $"); */
#ifndef SSH_H #ifndef SSH_H
#define SSH_H #define SSH_H


@ -10,7 +10,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $"); RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <openssl/bn.h> #include <openssl/bn.h>
@ -250,7 +250,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
debug("Trying again..."); debug("Trying again...");
/* Loop through addresses for this host, and try each one in /* Loop through addresses for this host, and try each one in
sequence until the connection succeeds. */ sequence until the connection succeeds. */
for (ai = aitop; ai; ai = ai->ai_next) { for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue; continue;
@ -1367,9 +1367,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
} else if ( } else if (
options.cipher == SSH_CIPHER_ARCFOUR || options.cipher == SSH_CIPHER_ARCFOUR ||
options.cipher == SSH_CIPHER_3DES_CBC || options.cipher == SSH_CIPHER_3DES_CBC ||
options.cipher == SSH_CIPHER_CAST128_CBC || options.cipher == SSH_CIPHER_CAST128_CBC ||
options.cipher == SSH_CIPHER_BLOWFISH_CBC) { options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
} }
@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
debug("first kex follow == %d", i); debug("first kex follow == %d", i);
i = packet_get_int(); i = packet_get_int();
debug("reserved == %d", i); debug("reserved == %d", i);
packet_done();
debug("done read kexinit"); debug("done read kexinit");
kex = kex_choose_conf(cprop, sprop, 0); kex = kex_choose_conf(cprop, sprop, 0);
@ -1434,7 +1435,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
fprintf(stderr, "\npub= "); fprintf(stderr, "\npub= ");
bignum_print(dh->pub_key); bignum_print(dh->pub_key);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
DHparams_print_fp(stderr, dh); DHparams_print_fp(stderr, dh);
#endif #endif
debug("Wait SSH2_MSG_KEXDH_REPLY."); debug("Wait SSH2_MSG_KEXDH_REPLY.");
@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
/* signed H */ /* signed H */
signature = packet_get_string(&slen); signature = packet_get_string(&slen);
packet_done();
if (!dh_pub_is_valid(dh, dh_server_pub)) if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value"); packet_disconnect("bad server public DH value");
@ -1475,14 +1477,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
kout = DH_compute_key(kbuf, dh_server_pub, dh); kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH #ifdef DEBUG_KEXDH
debug("shared secret: len %d/%d", klen, kout); debug("shared secret: len %d/%d", klen, kout);
fprintf(stderr, "shared secret == "); fprintf(stderr, "shared secret == ");
for (i = 0; i< kout; i++) for (i = 0; i< kout; i++)
fprintf(stderr, "%02x", (kbuf[i])&0xff); fprintf(stderr, "%02x", (kbuf[i])&0xff);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
#endif #endif
shared_secret = BN_new(); shared_secret = BN_new();
BN_bin2bn(kbuf, kout, shared_secret); BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen); memset(kbuf, 0, klen);
xfree(kbuf); xfree(kbuf);
@ -1502,10 +1504,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
xfree(client_kexinit); xfree(client_kexinit);
xfree(server_kexinit); xfree(server_kexinit);
#ifdef DEBUG_KEXDH #ifdef DEBUG_KEXDH
fprintf(stderr, "hash == "); fprintf(stderr, "hash == ");
for (i = 0; i< 20; i++) for (i = 0; i< 20; i++)
fprintf(stderr, "%02x", (hash[i])&0xff); fprintf(stderr, "%02x", (hash[i])&0xff);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
#endif #endif
dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20); dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);
key_free(server_host_key); key_free(server_host_key);
@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
debug("Wait SSH2_MSG_NEWKEYS."); debug("Wait SSH2_MSG_NEWKEYS.");
packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS); packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
packet_done();
debug("GOT SSH2_MSG_NEWKEYS."); debug("GOT SSH2_MSG_NEWKEYS.");
debug("send SSH2_MSG_NEWKEYS."); debug("send SSH2_MSG_NEWKEYS.");
@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
char *server_user, *local_user; char *server_user, *local_user;
char *auths; char *auths;
char *password; char *password;
char *service = "ssh-connection"; // service name char *service = "ssh-connection"; /* service name */
debug("send SSH2_MSG_SERVICE_REQUEST"); debug("send SSH2_MSG_SERVICE_REQUEST");
packet_start(SSH2_MSG_SERVICE_REQUEST); packet_start(SSH2_MSG_SERVICE_REQUEST);
@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
if (type != SSH2_MSG_SERVICE_ACCEPT) { if (type != SSH2_MSG_SERVICE_ACCEPT) {
fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
} }
/* payload empty for ssh-2.0.13 ?? */ if (packet_remaining() > 0) {
/* reply = packet_get_string(&payload_len); */ char *reply = packet_get_string(&plen);
debug("service_accept: %s", reply);
xfree(reply);
} else {
/* payload empty for ssh-2.0.13 ?? */
log("buggy server: service_accept w/o service");
}
packet_done();
debug("got SSH2_MSG_SERVICE_ACCEPT"); debug("got SSH2_MSG_SERVICE_ACCEPT");
/*XX COMMONCODE: */ /*XX COMMONCODE: */
@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
auths = packet_get_string(&dlen); auths = packet_get_string(&dlen);
debug("authentications that can continue: %s", auths); debug("authentications that can continue: %s", auths);
partial = packet_get_char(); partial = packet_get_char();
packet_done();
if (partial) if (partial)
debug("partial success"); debug("partial success");
if (strstr(auths, "password") == NULL) if (strstr(auths, "password") == NULL)
@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key,
packet_send(); packet_send();
packet_write_wait(); packet_write_wait();
} }
packet_done();
debug("ssh-userauth2 successfull"); debug("ssh-userauth2 successfull");
} }
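Review bot: In ssh_userauth2 the service name returned with SSH2_MSG_SERVICE_ACCEPT is only printed by `debug("service_accept: %s", reply)`, and an empty payload is accepted with a log line, so the client never confirms that the server accepted the service it requested. Compare `reply` with the requested name (the request is built outside the hunk) and treat a mismatch as fatal; the empty-payload tolerance noted for ssh-2.0.13 can stay as a documented exception. Because `reply` comes from the server, bound it in the format string the way other debug calls in this code base do: `debug("service_accept: %.100s", reply);`. The function begins before the hunk.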

32
sshd.c

@ -14,7 +14,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshd.c,v 1.104 2000/04/12 09:39:10 markus Exp $"); RCSID("$OpenBSD: sshd.c,v 1.105 2000/04/14 10:30:33 markus Exp $");
#include "xmalloc.h" #include "xmalloc.h"
#include "rsa.h" #include "rsa.h"
@ -266,15 +266,15 @@ key_regeneration_alarm(int sig)
char * char *
chop(char *s) chop(char *s)
{ {
char *t = s; char *t = s;
while (*t) { while (*t) {
if(*t == '\n' || *t == '\r') { if(*t == '\n' || *t == '\r') {
*t = '\0'; *t = '\0';
return s; return s;
} }
t++; t++;
} }
return s; return s;
} }
@ -337,7 +337,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
*/ */
if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
&remote_major, &remote_minor, remote_version) != 3) { &remote_major, &remote_minor, remote_version) != 3) {
s = "Protocol mismatch.\n"; s = "Protocol mismatch.\n";
(void) atomicio(write, sock_out, s, strlen(s)); (void) atomicio(write, sock_out, s, strlen(s));
close(sock_in); close(sock_in);
close(sock_out); close(sock_out);
@ -1018,7 +1018,7 @@ do_ssh1_kex()
/* Get cipher type and check whether we accept this. */ /* Get cipher type and check whether we accept this. */
cipher_type = packet_get_char(); cipher_type = packet_get_char();
if (!(cipher_mask() & (1 << cipher_type))) if (!(cipher_mask() & (1 << cipher_type)))
packet_disconnect("Warning: client selects unsupported cipher."); packet_disconnect("Warning: client selects unsupported cipher.");
/* Get check bytes from the packet. These must match those we /* Get check bytes from the packet. These must match those we
@ -1258,10 +1258,10 @@ do_ssh2_kex()
xfree(client_kexinit); xfree(client_kexinit);
xfree(server_kexinit); xfree(server_kexinit);
#ifdef DEBUG_KEXDH #ifdef DEBUG_KEXDH
fprintf(stderr, "hash == "); fprintf(stderr, "hash == ");
for (i = 0; i< 20; i++) for (i = 0; i< 20; i++)
fprintf(stderr, "%02x", (hash[i])&0xff); fprintf(stderr, "%02x", (hash[i])&0xff);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
#endif #endif
/* sign H */ /* sign H */
dsa_sign(server_host_key, &signature, &slen, hash, 20); dsa_sign(server_host_key, &signature, &slen, hash, 20);


@ -10,7 +10,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: ttymodes.c,v 1.3 1999/11/25 00:54:59 damien Exp $"); RCSID("$Id: ttymodes.c,v 1.4 2000/04/16 01:18:49 damien Exp $");
#include "packet.h" #include "packet.h"
#include "ssh.h" #include "ssh.h"


@ -12,7 +12,7 @@
* *
*/ */
/* RCSID("$Id: ttymodes.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */ /* RCSID("$Id: ttymodes.h,v 1.4 2000/04/16 01:18:49 damien Exp $"); */
/* The tty mode description is a stream of bytes. The stream consists of /* The tty mode description is a stream of bytes. The stream consists of
* opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0). * opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0).


@ -7,7 +7,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: uidswap.c,v 1.4 2000/01/20 13:18:16 damien Exp $"); RCSID("$Id: uidswap.c,v 1.5 2000/04/16 01:18:49 damien Exp $");
#include "ssh.h" #include "ssh.h"
#include "uidswap.h" #include "uidswap.h"


@ -8,7 +8,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$Id: xmalloc.c,v 1.2 1999/11/24 13:26:23 damien Exp $"); RCSID("$Id: xmalloc.c,v 1.3 2000/04/16 01:18:49 damien Exp $");
#include "ssh.h" #include "ssh.h"


@ -14,7 +14,7 @@
* *
*/ */
/* RCSID("$Id: xmalloc.h,v 1.2 1999/11/24 13:26:23 damien Exp $"); */ /* RCSID("$Id: xmalloc.h,v 1.3 2000/04/16 01:18:49 damien Exp $"); */
#ifndef XMALLOC_H #ifndef XMALLOC_H
#define XMALLOC_H #define XMALLOC_H