tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- Merged yet more changes from OpenBSD CVS 

- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
     [ssh.c ssh.h sshconnect.c sshd.c]
     make all access to options via 'extern Options options'
     and 'extern ServerOptions options' respectively;
     options are no longer passed as arguments:
      * make options handling more consistent
      * remove #include "readconf.h" from ssh.h
      * readconf.h is only included if necessary
   - [mpaux.c] clear temp buffer
   - [servconf.c] print _all_ bad options found in configfile
This commit is contained in:
Damien Miller 1999-11-12 15:19:27 +11:00
parent b5f8927a7e
commit 6d7b2cd1a3
13 changed files with 159 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -9,6 +9,17 @@
- Released 1.2pre10
- Added INSTALL documentation
- Merged yet more changes from OpenBSD CVS
- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
[ssh.c ssh.h sshconnect.c sshd.c]
make all access to options via 'extern Options options'
and 'extern ServerOptions options' respectively;
options are no longer passed as arguments:
* make options handling more consistent
* remove #include "readconf.h" from ssh.h
* readconf.h is only included if necessary
- [mpaux.c] clear temp buffer
- [servconf.c] print _all_ bad options found in configfile
19991111
- Added (untested) Entropy Gathering Daemon (EGD) support

4
auth-rh-rsa.c
View File

@ -15,7 +15,7 @@ authentication.
*/
#include "includes.h"
RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
RCSID("$Id: auth-rh-rsa.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
#include "packet.h"
#include "ssh.h"
@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
debug("Trying rhosts with RSA host authentication for %.100s", client_user);
/* Check if we would accept it using rhosts authentication. */
if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
if (!auth_rhosts(pw, client_user))
return 0;
canonical_hostname = get_canonical_hostname();

13
auth-rhosts.c
View File

@ -16,12 +16,13 @@ the login based on rhosts authentication. This file also processes
*/
#include "includes.h"
RCSID("$Id: auth-rhosts.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $");
#include "packet.h"
#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
#include "servconf.h"
/* This function processes an rhosts-style file (.rhosts, .shosts, or
/etc/hosts.equiv). This returns true if authentication can be granted
@ -155,9 +156,9 @@ int check_rhosts_file(const char *filename, const char *hostname,
true, only /etc/hosts.equiv will be considered (.rhosts and .shosts
are ignored). */
int auth_rhosts(struct passwd *pw, const char *client_user,
int ignore_rhosts, int strict_modes)
int auth_rhosts(struct passwd *pw, const char *client_user)
{
extern ServerOptions options;
char buf[1024];
const char *hostname, *ipaddr;
int port;
@ -234,7 +235,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
pw->pw_name, pw->pw_dir);
return 0;
}
if (strict_modes &&
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0))
{
@ -261,7 +262,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
and make sure it is not writable by anyone but the owner. This is
to help avoid novices accidentally allowing access to their account
by anyone. */
if (strict_modes &&
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0))
{
@ -273,7 +274,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
/* Check if we have been configured to ignore .rhosts and .shosts
files. */
if (ignore_rhosts)
if (options.ignore_rhosts)
{
packet_send_debug("Server has been configured to ignore %.100s.",
rhosts_files[rhosts_file_index]);

9
auth-rsa.c
View File

@ -17,7 +17,7 @@ validity of the host key.
#include "config.h"
#include "includes.h"
RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
RCSID("$Id: auth-rsa.c,v 1.5 1999/11/12 04:19:27 damien Exp $");
#include "rsa.h"
#include "packet.h"
@ -25,6 +25,7 @@ RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
#include "ssh.h"
#include "mpaux.h"
#include "uidswap.h"
#include "servconf.h"
#ifdef HAVE_OPENSSL
#include <openssl/rsa.h>
@ -100,7 +101,6 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
len = BN_num_bytes(challenge);
if (len <= 0 || len > 32)
fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
memset(buf, 0, 32);
BN_bn2bin(challenge, buf + 32 - len);
MD5_Init(&md);
@ -136,8 +136,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
successful. This may exit if there is a serious protocol violation. */
int
auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
auth_rsa(struct passwd *pw, BIGNUM *client_n)
{
extern ServerOptions options;
char line[8192];
int authenticated;
unsigned int bits;
@ -172,7 +173,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
return 0;
}
if (strict_modes) {
if (options.strict_modes) {
int fail=0;
char buf[1024];
/* Check open file in order to avoid open/stat races */

3
channels.c
View File

@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
*/
#include "includes.h"
RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
RCSID("$Id: channels.c,v 1.5 1999/11/12 04:19:27 damien Exp $");
#include "ssh.h"
#include "packet.h"
@ -24,6 +24,7 @@ RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
#include "buffer.h"
#include "authfd.h"
#include "uidswap.h"
#include "readconf.h"
#include "servconf.h"
#include "channels.h"

6
clientloop.c
View File

@ -15,7 +15,7 @@ The main loop for the interactive session (client side).
*/
#include "includes.h"
RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $");
RCSID("$Id: clientloop.c,v 1.3 1999/11/12 04:19:27 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@ -24,9 +24,6 @@ RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $");
#include "authfd.h"
#include "readconf.h"
/* Flag indicating whether quiet mode is on. */
extern Options options;
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
@ -764,6 +761,7 @@ void client_process_output(fd_set *writeset)
int client_loop(int have_pty, int escape_char_arg)
{
extern Options options;
double start_time, total_time;
int len;
char buf[100];

3
mpaux.c
View File

@ -16,7 +16,7 @@ precision integers.
#include "config.h"
#include "includes.h"
RCSID("$Id: mpaux.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
RCSID("$Id: mpaux.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
@ -50,5 +50,6 @@ compute_session_id(unsigned char session_id[16],
MD5_Init(&md);
MD5_Update(&md, buf, bytes);
MD5_Final(session_id, &md);
memset(buf, 0, bytes);
xfree(buf);
}

16
servconf.c
View File

@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo
*/
#include "includes.h"
RCSID("$Id: servconf.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
RCSID("$Id: servconf.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
#include "ssh.h"
#include "servconf.h"
@ -144,6 +144,7 @@ void fill_default_server_options(ServerOptions *options)
/* Keyword tokens. */
typedef enum
{
sBadOption, /* == unknown option */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
@ -260,9 +261,9 @@ static ServerOpCodes parse_token(const char *cp, const char *filename,
if (strcmp(cp, keywords[i].name) == 0)
return keywords[i].opcode;
fprintf(stderr, "%s line %d: Bad configuration option: %s\n",
fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
filename, linenum, cp);
exit(1);
return sBadOption;
}
/* Reads the server configuration file. */
@ -273,6 +274,7 @@ void read_server_config(ServerOptions *options, const char *filename)
char line[1024];
char *cp, **charptr;
int linenum, *intptr, i, value;
int bad_options = 0;
ServerOpCodes opcode;
f = fopen(filename, "r");
@ -300,6 +302,9 @@ void read_server_config(ServerOptions *options, const char *filename)
opcode = parse_token(cp, filename, linenum);
switch (opcode)
{
case sBadOption:
bad_options++;
continue;
case sPort:
intptr = &options->port;
parse_int:
@ -596,4 +601,9 @@ void read_server_config(ServerOptions *options, const char *filename)
}
}
fclose(f);
if (bad_options > 0) {
fprintf(stderr, "%s: terminating, %d bad configuration options\n",
filename, bad_options);
exit(1);
}
}

4
ssh-keygen.c
View File

@ -14,7 +14,7 @@ Identity and host key generation and maintenance.
*/
#include "includes.h"
RCSID("$Id: ssh-keygen.c,v 1.2 1999/11/08 04:30:59 damien Exp $");
RCSID("$Id: ssh-keygen.c,v 1.3 1999/11/12 04:19:27 damien Exp $");
#include "rsa.h"
#include "ssh.h"
@ -117,7 +117,7 @@ do_change_passphrase(struct passwd *pw)
xfree(old_passphrase);
}
printf("Key has comment '%s'\n", comment);
/* Ask the new passphrase (twice). */
if (identity_new_passphrase)
{

4
ssh.c
View File

@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
*/
#include "includes.h"
RCSID("$Id: ssh.c,v 1.5 1999/11/11 06:57:40 damien Exp $");
RCSID("$Id: ssh.c,v 1.6 1999/11/12 04:19:27 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@ -590,7 +590,7 @@ main(int ac, char **av)
/* Log into the remote system. This never returns if the login fails. */
ssh_login(host_private_key_loaded, host_private_key,
host, &hostaddr, &options, original_real_uid);
host, &hostaddr, original_real_uid);
/* We no longer need the host private key. Clear it now. */
if (host_private_key_loaded)

122
ssh.h
View File

@ -13,7 +13,7 @@ Generic header file for ssh.
*/
/* RCSID("$Id: ssh.h,v 1.11 1999/11/12 00:33:04 damien Exp $"); */
/* RCSID("$Id: ssh.h,v 1.12 1999/11/12 04:19:27 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
@ -221,60 +221,6 @@ only by root, whereas ssh_config should be world-readable. */
#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
/*------------ Definitions for logging. -----------------------*/
/* Supported syslog facilities and levels. */
typedef enum
{
SYSLOG_FACILITY_DAEMON,
SYSLOG_FACILITY_USER,
SYSLOG_FACILITY_AUTH,
SYSLOG_FACILITY_LOCAL0,
SYSLOG_FACILITY_LOCAL1,
SYSLOG_FACILITY_LOCAL2,
SYSLOG_FACILITY_LOCAL3,
SYSLOG_FACILITY_LOCAL4,
SYSLOG_FACILITY_LOCAL5,
SYSLOG_FACILITY_LOCAL6,
SYSLOG_FACILITY_LOCAL7
} SyslogFacility;
typedef enum
{
SYSLOG_LEVEL_QUIET,
SYSLOG_LEVEL_FATAL,
SYSLOG_LEVEL_ERROR,
SYSLOG_LEVEL_INFO,
SYSLOG_LEVEL_CHAT,
SYSLOG_LEVEL_DEBUG
} LogLevel;
/* Initializes logging. */
void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
/* Logging implementation, depending on server or client */
void do_log(LogLevel level, const char *fmt, va_list args);
/* Output a message to syslog or stderr */
void fatal(const char *fmt, ...);
void error(const char *fmt, ...);
void log(const char *fmt, ...);
void chat(const char *fmt, ...);
void debug(const char *fmt, ...);
/* same as fatal() but w/o logging */
void fatal_cleanup(void);
/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting.
It is permissible to call fatal_remove_cleanup for the function itself
from the function. */
void fatal_add_cleanup(void (*proc)(void *context), void *context);
/* Removes a cleanup function to be called at fatal(). */
void fatal_remove_cleanup(void (*proc)(void *context), void *context);
/*------------ definitions for login.c -------------*/
/* Returns the time when the user last logged in. Returns 0 if the
@ -314,21 +260,15 @@ int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
This initializes the random state, and leaves it initialized (it will also
have references from the packet module). */
/* for Options */
#include "readconf.h"
void ssh_login(int host_key_valid, RSA *host_key, const char *host,
struct sockaddr_in *hostaddr, Options *options,
uid_t original_real_uid);
struct sockaddr_in *hostaddr, uid_t original_real_uid);
/*------------ Definitions for various authentication methods. -------*/
/* Tries to authenticate the user using the .rhosts file. Returns true if
authentication succeeds. If ignore_rhosts is non-zero, this will not
consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
If strict_modes is true, checks ownership and modes of .rhosts/.shosts. */
int auth_rhosts(struct passwd *pw, const char *client_user,
int ignore_rhosts, int strict_modes);
consider .rhosts and .shosts (/etc/hosts.equiv will still be used). */
int auth_rhosts(struct passwd *pw, const char *client_user);
/* Tries to authenticate the user using the .rhosts file and the host using
its host key. Returns true if authentication succeeds. */
@ -343,7 +283,7 @@ int auth_password(struct passwd *pw, const char *password);
/* Performs the RSA authentication dialog with the client. This returns
0 if the client could not be authenticated, and 1 if authentication was
successful. This may exit if there is a serious protocol violation. */
int auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes);
int auth_rsa(struct passwd *pw, BIGNUM *client_n);
/* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
over the key. Skips any whitespace at the beginning and at end. */
@ -421,6 +361,58 @@ int load_public_key(const char *filename, RSA *pub,
int load_private_key(const char *filename, const char *passphrase,
RSA *private_key, char **comment_return);
/*------------ Definitions for logging. -----------------------*/
/* Supported syslog facilities and levels. */
typedef enum
{
SYSLOG_FACILITY_DAEMON,
SYSLOG_FACILITY_USER,
SYSLOG_FACILITY_AUTH,
SYSLOG_FACILITY_LOCAL0,
SYSLOG_FACILITY_LOCAL1,
SYSLOG_FACILITY_LOCAL2,
SYSLOG_FACILITY_LOCAL3,
SYSLOG_FACILITY_LOCAL4,
SYSLOG_FACILITY_LOCAL5,
SYSLOG_FACILITY_LOCAL6,
SYSLOG_FACILITY_LOCAL7
} SyslogFacility;
typedef enum
{
SYSLOG_LEVEL_QUIET,
SYSLOG_LEVEL_FATAL,
SYSLOG_LEVEL_ERROR,
SYSLOG_LEVEL_INFO,
SYSLOG_LEVEL_CHAT,
SYSLOG_LEVEL_DEBUG
} LogLevel;
/* Initializes logging. */
void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
/* Logging implementation, depending on server or client */
void do_log(LogLevel level, const char *fmt, va_list args);
/* Output a message to syslog or stderr */
void fatal(const char *fmt, ...);
void error(const char *fmt, ...);
void log(const char *fmt, ...);
void chat(const char *fmt, ...);
void debug(const char *fmt, ...);
/* same as fatal() but w/o logging */
void fatal_cleanup(void);
/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting.
It is permissible to call fatal_remove_cleanup for the function itself
from the function. */
void fatal_add_cleanup(void (*proc)(void *context), void *context);
/* Removes a cleanup function to be called at fatal(). */
void fatal_remove_cleanup(void (*proc)(void *context), void *context);
/*---------------- definitions for channels ------------------*/
/* Sets specific protocol options. */

102
sshconnect.c
View File

@ -16,7 +16,7 @@ login (authentication) dialog.
#include "config.h"
#include "includes.h"
RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
RCSID("$Id: sshconnect.c,v 1.6 1999/11/12 04:19:27 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
@ -36,7 +36,7 @@ RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
#include "mpaux.h"
#include "uidswap.h"
#include "compat.h"
#include "readconf.h"
/* Session id for the current session. */
unsigned char session_id[16];
@ -486,9 +486,9 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
the user using it. */
int
try_rsa_authentication(struct passwd *pw, const char *authfile,
int may_ask_passphrase)
try_rsa_authentication(struct passwd *pw, const char *authfile)
{
extern Options options;
BIGNUM *challenge;
RSA *private_key;
RSA *public_key;
@ -550,7 +550,7 @@ try_rsa_authentication(struct passwd *pw, const char *authfile,
return. */
snprintf(buf, sizeof buf,
"Enter passphrase for RSA key '%.100s': ", comment);
if (may_ask_passphrase)
if (!options.batch_mode)
passphrase = read_passphrase(buf, 0);
else
{
@ -1014,8 +1014,9 @@ void ssh_login(int host_key_valid,
RSA *own_host_key,
const char *orighost,
struct sockaddr_in *hostaddr,
Options *options, uid_t original_real_uid)
uid_t original_real_uid)
{
extern Options options;
int i, type;
char *password;
struct passwd *pw;
@ -1035,7 +1036,7 @@ void ssh_login(int host_key_valid,
int payload_len, clen, sum_len = 0;
u_int32_t rand = 0;
if (options->check_host_ip)
if (options.check_host_ip)
ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
/* Convert the user-supplied hostname into all lowercase. */
@ -1056,7 +1057,7 @@ void ssh_login(int host_key_valid,
if (!pw)
fatal("User id %d not found from user database.", original_real_uid);
local_user = xstrdup(pw->pw_name);
server_user = options->user ? options->user : local_user;
server_user = options.user ? options.user : local_user;
debug("Waiting for server public key.");
@ -1132,12 +1133,12 @@ void ssh_login(int host_key_valid,
/* Check if the host key is present in the user\'s list of known hosts
or in the systemwide list. */
host_status = check_host_in_hostfile(options->user_hostfile,
host_status = check_host_in_hostfile(options.user_hostfile,
host, BN_num_bits(host_key->n),
host_key->e, host_key->n,
file_key->e, file_key->n);
if (host_status == HOST_NEW)
host_status = check_host_in_hostfile(options->system_hostfile, host,
host_status = check_host_in_hostfile(options.system_hostfile, host,
BN_num_bits(host_key->n),
host_key->e, host_key->n,
file_key->e, file_key->n);
@ -1154,17 +1155,17 @@ void ssh_login(int host_key_valid,
/* Also perform check for the ip address, skip the check if we are
localhost or the hostname was an ip address to begin with */
if (options->check_host_ip && !local && strcmp(host, ip)) {
if (options.check_host_ip && !local && strcmp(host, ip)) {
RSA *ip_key = RSA_new();
ip_key->n = BN_new();
ip_key->e = BN_new();
ip_status = check_host_in_hostfile(options->user_hostfile, ip,
ip_status = check_host_in_hostfile(options.user_hostfile, ip,
BN_num_bits(host_key->n),
host_key->e, host_key->n,
ip_key->e, ip_key->n);
if (ip_status == HOST_NEW)
ip_status = check_host_in_hostfile(options->system_hostfile, ip,
ip_status = check_host_in_hostfile(options.system_hostfile, ip,
BN_num_bits(host_key->n),
host_key->e, host_key->n,
ip_key->e, ip_key->n);
@ -1183,13 +1184,13 @@ void ssh_login(int host_key_valid,
case HOST_OK:
/* The host is known and the key matches. */
debug("Host '%.200s' is known and matches the host key.", host);
if (options->check_host_ip) {
if (options.check_host_ip) {
if (ip_status == HOST_NEW) {
if (!add_host_to_hostfile(options->user_hostfile, ip,
if (!add_host_to_hostfile(options.user_hostfile, ip,
BN_num_bits(host_key->n),
host_key->e, host_key->n))
log("Failed to add the host ip to the list of known hosts (%.30s).",
options->user_hostfile);
options.user_hostfile);
else
log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
} else if (ip_status != HOST_OK)
@ -1201,12 +1202,12 @@ void ssh_login(int host_key_valid,
{
char hostline[1000], *hostp = hostline;
/* The host is new. */
if (options->strict_host_key_checking == 1) {
if (options.strict_host_key_checking == 1) {
/* User has requested strict host key checking. We will not
add the host key automatically. The only alternative left
is to abort. */
fatal("No host key is known for %.200s and you have requested strict checking.", host);
} else if (options->strict_host_key_checking == 2) { /* The default */
} else if (options.strict_host_key_checking == 2) { /* The default */
char prompt[1024];
snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s' can't be established.\n"
@ -1216,25 +1217,25 @@ void ssh_login(int host_key_valid,
fatal("Aborted by user!\n");
}
if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
else
hostp = host;
/* If not in strict mode, add the key automatically to the local
known_hosts file. */
if (!add_host_to_hostfile(options->user_hostfile, hostp,
if (!add_host_to_hostfile(options.user_hostfile, hostp,
BN_num_bits(host_key->n),
host_key->e, host_key->n))
log("Failed to add the host to the list of known hosts (%.500s).",
options->user_hostfile);
options.user_hostfile);
else
log("Warning: Permanently added '%.200s' to the list of known hosts.",
hostp);
break;
}
case HOST_CHANGED:
if (options->check_host_ip) {
if (options.check_host_ip) {
if (host_ip_differ) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
@ -1256,23 +1257,23 @@ void ssh_login(int host_key_valid,
error("It is also possible that the host key has just been changed.");
error("Please contact your system administrator.");
error("Add correct host key in %.100s to get rid of this message.",
options->user_hostfile);
options.user_hostfile);
/* If strict host key checking is in use, the user will have to edit
the key manually and we can only abort. */
if (options->strict_host_key_checking)
if (options.strict_host_key_checking)
fatal("Host key for %.200s has changed and you have requested strict checking.", host);
/* If strict host key checking has not been requested, allow the
connection but without password authentication or
agent forwarding. */
if (options->password_authentication) {
if (options.password_authentication) {
error("Password authentication is disabled to avoid trojan horses.");
options->password_authentication = 0;
options.password_authentication = 0;
}
if (options->forward_agent) {
if (options.forward_agent) {
error("Agent forwarding is disabled to avoid trojan horses.");
options->forward_agent = 0;
options.forward_agent = 0;
}
/* XXX Should permit the user to change to use the new id. This could
be done by converting the host key to an identifying sentence, tell
@ -1281,7 +1282,7 @@ void ssh_login(int host_key_valid,
break;
}
if (options->check_host_ip)
if (options.check_host_ip)
xfree(ip);
/* Generate a session key. */
@ -1344,27 +1345,27 @@ void ssh_login(int host_key_valid,
rsa_public_encrypt(key, key, public_key);
}
if (options->cipher == SSH_CIPHER_NOT_SET) {
if (options.cipher == SSH_CIPHER_NOT_SET) {
if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
options->cipher = ssh_cipher_default;
options.cipher = ssh_cipher_default;
else {
debug("Cipher %d not supported, using %.100s instead.",
cipher_name(ssh_cipher_default),
cipher_name(SSH_FALLBACK_CIPHER));
options->cipher = SSH_FALLBACK_CIPHER;
options.cipher = SSH_FALLBACK_CIPHER;
}
}
/* Check that the selected cipher is supported. */
if (!(supported_ciphers & (1 << options->cipher)))
if (!(supported_ciphers & (1 << options.cipher)))
fatal("Selected cipher type %.100s not supported by server.",
cipher_name(options->cipher));
cipher_name(options.cipher));
debug("Encryption type: %.100s", cipher_name(options->cipher));
debug("Encryption type: %.100s", cipher_name(options.cipher));
/* Send the encrypted session key to the server. */
packet_start(SSH_CMSG_SESSION_KEY);
packet_put_char(options->cipher);
packet_put_char(options.cipher);
/* Send the check bytes back to the server. */
for (i = 0; i < 8; i++)
@ -1390,7 +1391,7 @@ void ssh_login(int host_key_valid,
/* Set the encryption key. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
options->cipher, 1);
options.cipher, 1);
/* We will no longer need the session key here. Destroy any extra copies. */
memset(session_key, 0, sizeof(session_key));
@ -1420,17 +1421,17 @@ void ssh_login(int host_key_valid,
#ifdef AFS
/* Try Kerberos tgt passing if the server supports it. */
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
options->kerberos_tgt_passing)
options.kerberos_tgt_passing)
{
if (options->cipher == SSH_CIPHER_NONE)
if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
(void)send_kerberos_tgt();
}
/* Try AFS token passing if the server supports it. */
if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
options->afs_token_passing && k_hasafs()) {
if (options->cipher == SSH_CIPHER_NONE)
options.afs_token_passing && k_hasafs()) {
if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
send_afs_tokens();
}
@ -1438,7 +1439,7 @@ void ssh_login(int host_key_valid,
#ifdef KRB4
if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
options->kerberos_authentication)
options.kerberos_authentication)
{
debug("Trying Kerberos authentication.");
if (try_kerberos_authentication()) {
@ -1455,7 +1456,7 @@ void ssh_login(int host_key_valid,
/* Use rhosts authentication if running in privileged socket and we do not
wish to remain anonymous. */
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
options->rhosts_authentication)
options.rhosts_authentication)
{
debug("Trying rhosts authentication.");
packet_start(SSH_CMSG_AUTH_RHOSTS);
@ -1475,7 +1476,7 @@ void ssh_login(int host_key_valid,
/* Try .rhosts or /etc/hosts.equiv authentication with RSA host
authentication. */
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
options->rhosts_rsa_authentication && host_key_valid)
options.rhosts_rsa_authentication && host_key_valid)
{
if (try_rhosts_rsa_authentication(local_user, own_host_key))
return; /* Successful authentication. */
@ -1483,7 +1484,7 @@ void ssh_login(int host_key_valid,
/* Try RSA authentication if the server supports it. */
if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
options->rsa_authentication)
options.rsa_authentication)
{
/* Try RSA authentication using the authentication agent. The agent
is tried first because no passphrase is needed for it, whereas
@ -1492,23 +1493,22 @@ void ssh_login(int host_key_valid,
return; /* Successful connection. */
/* Try RSA authentication for each identity. */
for (i = 0; i < options->num_identity_files; i++)
if (try_rsa_authentication(pw, options->identity_files[i],
!options->batch_mode))
for (i = 0; i < options.num_identity_files; i++)
if (try_rsa_authentication(pw, options.identity_files[i]))
return; /* Successful connection. */
}
/* Try password authentication if the server supports it. */
if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
options->password_authentication && !options->batch_mode)
options.password_authentication && !options.batch_mode)
{
char prompt[80];
snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
server_user, host);
debug("Doing password authentication.");
if (options->cipher == SSH_CIPHER_NONE)
if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
for (i = 0; i < options->number_of_password_prompts; i++) {
for (i = 0; i < options.number_of_password_prompts; i++) {
if (i != 0)
error("Permission denied, please try again.");
password = read_passphrase(prompt, 0);

7
sshd.c
View File

@ -18,7 +18,7 @@ agent connections.
*/
#include "includes.h"
RCSID("$Id: sshd.c,v 1.16 1999/11/12 00:33:04 damien Exp $");
RCSID("$Id: sshd.c,v 1.17 1999/11/12 04:19:27 damien Exp $");
#include "xmalloc.h"
#include "rsa.h"
@ -1343,8 +1343,7 @@ do_authentication(char *user, int privileged_port)
}
/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
if (auth_rhosts(pw, client_user, options.ignore_rhosts,
options.strict_modes))
if (auth_rhosts(pw, client_user))
{
/* Authentication accepted. */
log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.",
@ -1431,7 +1430,7 @@ do_authentication(char *user, int privileged_port)
packet_integrity_check(plen, nlen, type);
if (auth_rsa(pw, n, options.strict_modes))
if (auth_rsa(pw, n))
{
/* Successful authentication. */
BN_clear_free(n);