aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorKris Kennaway <kris@FreeBSD.org>2000-06-03 09:52:37 +0000
committerKris Kennaway <kris@FreeBSD.org>2000-06-03 09:52:37 +0000
commit2632b0c8756f2f5db4401143acdd2ebb7a871636 (patch)
tree2b0a0dae36e62d807780aa047b690ffacb266b19 /crypto
parent87e372b8a2a153de5bb26d9c63440f02c16ab39c (diff)
downloadsrc-2632b0c8756f2f5db4401143acdd2ebb7a871636.tar.gz
src-2632b0c8756f2f5db4401143acdd2ebb7a871636.zip
Notes
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/auth.c11
-rw-r--r--crypto/openssh/cipher.c6
-rw-r--r--crypto/openssh/compat.c8
-rw-r--r--crypto/openssh/kex.c96
-rw-r--r--crypto/openssh/kex.h13
-rw-r--r--crypto/openssh/lib/Makefile2
-rw-r--r--crypto/openssh/myproposal.h2
-rw-r--r--crypto/openssh/servconf.c6
-rw-r--r--crypto/openssh/serverloop.c97
-rw-r--r--crypto/openssh/ssh2.h8
-rw-r--r--crypto/openssh/sshconnect.c19
-rw-r--r--crypto/openssh/sshconnect2.c137
-rw-r--r--crypto/openssh/sshd.c71
13 files changed, 237 insertions, 239 deletions
diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c
index d3425a237a71..20e9760c4281 100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@ -5,7 +5,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.6 2000/04/26 21:28:31 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -45,14 +45,21 @@ allowed_user(struct passwd * pw)
{
struct stat st;
struct group *grp;
+ char *shell;
int i;
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw)
return 0;
+ /*
+ * Get the shell from the password data. An empty shell field is
+ * legal, and means /bin/sh.
+ */
+ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+
/* deny if shell does not exists or is not executable */
- if (stat(pw->pw_shell, &st) != 0)
+ if (stat(shell, &st) != 0)
return 0;
if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
return 0;
diff --git a/crypto/openssh/cipher.c b/crypto/openssh/cipher.c
index bcaff024db26..ca77c6d034de 100644
--- a/crypto/openssh/cipher.c
+++ b/crypto/openssh/cipher.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.26 2000/04/14 10:30:30 markus Exp $");
+RCSID("$Id: cipher.c,v 1.27 2000/05/22 18:42:00 markus Exp $");
#include "ssh.h"
#include "cipher.h"
@@ -178,7 +178,7 @@ ciphers_valid(const char *names)
char *p;
int i;
- if (strcmp(names, "") == 0)
+ if (names == NULL || strcmp(names, "") == 0)
return 0;
ciphers = xstrdup(names);
for ((p = strtok(ciphers, CIPHER_SEP)); p; (p = strtok(NULL, CIPHER_SEP))) {
@@ -201,6 +201,8 @@ int
cipher_number(const char *name)
{
int i;
+ if (name == NULL)
+ return -1;
for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)
if (strcmp(cipher_names[i], name) == 0 &&
(cipher_mask() & (1 << i)))
diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c
index 33e509cb89b2..1dd0c39d224c 100644
--- a/crypto/openssh/compat.c
+++ b/crypto/openssh/compat.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$Id: compat.c,v 1.13 2000/05/08 17:42:24 markus Exp $");
+RCSID("$Id: compat.c,v 1.14 2000/05/22 18:42:01 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -80,10 +80,12 @@ compat_datafellows(const char *version)
int
proto_spec(const char *spec)
{
- char *s = xstrdup(spec);
- char *p;
+ char *s, *p;
int ret = SSH_PROTO_UNKNOWN;
+ if (spec == NULL)
+ return ret;
+ s = xstrdup(spec);
for ((p = strtok(s, SEP)); p; (p = strtok(NULL, SEP))) {
switch(atoi(p)) {
case 1:
diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c
index c10c77ead605..a6c8174a4251 100644
--- a/crypto/openssh/kex.c
+++ b/crypto/openssh/kex.c
@@ -28,13 +28,14 @@
*/
#include "includes.h"
-RCSID("$Id: kex.c,v 1.6 2000/05/08 17:42:25 markus Exp $");
+RCSID("$Id: kex.c,v 1.7 2000/05/25 20:45:20 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
+#include "packet.h"
#include "cipher.h"
#include "compat.h"
@@ -49,15 +50,17 @@ RCSID("$Id: kex.c,v 1.6 2000/05/08 17:42:25 markus Exp $");
#include "kex.h"
+#define KEX_COOKIE_LEN 16
+
Buffer *
kex_init(char *myproposal[PROPOSAL_MAX])
{
- char c = 0;
- unsigned char cookie[16];
+ int first_kex_packet_follows = 0;
+ unsigned char cookie[KEX_COOKIE_LEN];
u_int32_t rand = 0;
int i;
Buffer *ki = xmalloc(sizeof(*ki));
- for (i = 0; i < 16; i++) {
+ for (i = 0; i < KEX_COOKIE_LEN; i++) {
if (i % 4 == 0)
rand = arc4random();
cookie[i] = rand & 0xff;
@@ -67,11 +70,55 @@ kex_init(char *myproposal[PROPOSAL_MAX])
buffer_append(ki, (char *)cookie, sizeof cookie);
for (i = 0; i < PROPOSAL_MAX; i++)
buffer_put_cstring(ki, myproposal[i]);
- buffer_append(ki, &c, 1); /* boolean first_kex_packet_follows */
- buffer_put_int(ki, 0); /* uint32 0 (reserved for future extension) */
+ buffer_put_char(ki, first_kex_packet_follows);
+ buffer_put_int(ki, 0); /* uint32 reserved */
return ki;
}
+/* send kexinit, parse and save reply */
+void
+kex_exchange_kexinit(
+ Buffer *my_kexinit, Buffer *peer_kexint,
+ char *peer_proposal[PROPOSAL_MAX])
+{
+ int i;
+ char *ptr;
+ int plen;
+
+ debug("send KEXINIT");
+ packet_start(SSH2_MSG_KEXINIT);
+ packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));
+ packet_send();
+ packet_write_wait();
+ debug("done");
+
+ /*
+ * read and save raw KEXINIT payload in buffer. this is used during
+ * computation of the session_id and the session keys.
+ */
+ debug("wait KEXINIT");
+ packet_read_expect(&plen, SSH2_MSG_KEXINIT);
+ ptr = packet_get_raw(&plen);
+ buffer_append(peer_kexint, ptr, plen);
+
+ /* parse packet and save algorithm proposal */
+ /* skip cookie */
+ for (i = 0; i < KEX_COOKIE_LEN; i++)
+ packet_get_char();
+ /* extract kex init proposal strings */
+ for (i = 0; i < PROPOSAL_MAX; i++) {
+ peer_proposal[i] = packet_get_string(NULL);
+ debug("got kexinit: %s", peer_proposal[i]);
+ }
+ /* first kex follow / reserved */
+ i = packet_get_char();
+ debug("first kex follow: %d ", i);
+ i = packet_get_int();
+ debug("reserved: %d ", i);
+ packet_done();
+ debug("done");
+}
+
/* diffie-hellman-group1-sha1 */
int
@@ -134,12 +181,6 @@ dh_new_group1()
}
void
-bignum_print(BIGNUM *b)
-{
- BN_print_fp(stderr,b);
-}
-
-void
dump_digest(unsigned char *digest, int len)
{
int i;
@@ -246,10 +287,13 @@ char *
get_match(char *client, char *server)
{
char *sproposals[MAX_PROP];
- char *p;
+ char *c, *s, *p, *ret;
int i, j, nproposals;
- for ((p = strtok(server, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
+ c = xstrdup(client);
+ s = xstrdup(server);
+
+ for ((p = strtok(s, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
if (i < MAX_PROP)
sproposals[i] = p;
else
@@ -257,11 +301,18 @@ get_match(char *client, char *server)
}
nproposals = i;
- for ((p = strtok(client, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
- for (j = 0; j < nproposals; j++)
- if (strcmp(p, sproposals[j]) == 0)
- return xstrdup(p);
+ for ((p = strtok(c, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
+ for (j = 0; j < nproposals; j++) {
+ if (strcmp(p, sproposals[j]) == 0) {
+ ret = xstrdup(p);
+ xfree(c);
+ xfree(s);
+ return ret;
+ }
+ }
}
+ xfree(c);
+ xfree(s);
return NULL;
}
void
@@ -355,7 +406,6 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
Kex *
kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server)
{
- int i;
int mode;
int ctos; /* direction: if true client-to-server */
int need;
@@ -383,10 +433,6 @@ kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server
choose_kex(k, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(k, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
- for (i = 0; i < PROPOSAL_MAX; i++) {
- xfree(cprop[i]);
- xfree(sprop[i]);
- }
need = 0;
for (mode = 0; mode < MODE_MAX; mode++) {
if (need < k->enc[mode].key_len)
@@ -396,9 +442,7 @@ kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server
if (need < k->mac[mode].key_len)
need = k->mac[mode].key_len;
}
- /* need runden? */
-#define WE_NEED 32
- k->we_need = WE_NEED;
+ /* XXX need runden? */
k->we_need = need;
return k;
}
diff --git a/crypto/openssh/kex.h b/crypto/openssh/kex.h
index 5395ebc3f085..7e5c67024bff 100644
--- a/crypto/openssh/kex.h
+++ b/crypto/openssh/kex.h
@@ -91,12 +91,17 @@ struct Kex {
};
Buffer *kex_init(char *myproposal[PROPOSAL_MAX]);
-int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
-DH *dh_new_group1();
-Kex *kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server);
+void
+kex_exchange_kexinit(
+ Buffer *my_kexinit, Buffer *peer_kexint,
+ char *peer_proposal[PROPOSAL_MAX]);
+Kex *
+kex_choose_conf(char *cprop[PROPOSAL_MAX],
+ char *sprop[PROPOSAL_MAX], int server);
int kex_derive_keys(Kex *k, unsigned char *hash, BIGNUM *shared_secret);
-void bignum_print(BIGNUM *b);
void packet_set_kex(Kex *k);
+int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
+DH *dh_new_group1();
unsigned char *
kex_hash(
diff --git a/crypto/openssh/lib/Makefile b/crypto/openssh/lib/Makefile
index 35de105b496d..aae1677ec7ee 100644
--- a/crypto/openssh/lib/Makefile
+++ b/crypto/openssh/lib/Makefile
@@ -5,7 +5,7 @@ SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \
cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
- key.c dispatch.c dsa.c kex.c hmac.c uuencode.c
+ key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c
NOPROFILE= yes
NOPIC= yes
diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h
index 8b24179724f3..9611d89517d8 100644
--- a/crypto/openssh/myproposal.h
+++ b/crypto/openssh/myproposal.h
@@ -6,7 +6,7 @@
#define KEX_DEFAULT_LANG ""
-static const char *myproposal[PROPOSAL_MAX] = {
+static char *myproposal[PROPOSAL_MAX] = {
KEX_DEFAULT_KEX,
KEX_DEFAULT_PK_ALG,
KEX_DEFAULT_ENCRYPT,
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index 57f7050dbb42..4e3e5cc79674 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$Id: servconf.c,v 1.40 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: servconf.c,v 1.41 2000/05/22 18:42:01 markus Exp $");
#include "ssh.h"
#include "servconf.h"
@@ -588,6 +588,8 @@ parse_flag:
case sCiphers:
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%s line %d: Missing argument.", filename, linenum);
if (!ciphers_valid(cp))
fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, cp ? cp : "<NONE>");
@@ -598,6 +600,8 @@ parse_flag:
case sProtocol:
intptr = &options->protocol;
cp = strtok(NULL, WHITESPACE);
+ if (!cp)
+ fatal("%s line %d: Missing argument.", filename, linenum);
value = proto_spec(cp);
if (value == SSH_PROTO_UNKNOWN)
fatal("%s line %d: Bad protocol spec '%s'.",
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c
index 9bf31275beaf..74a800b9d964 100644
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@@ -159,33 +159,37 @@ retry_select:
/* Initialize select() masks. */
FD_ZERO(readset);
+ FD_ZERO(writeset);
- /*
- * Read packets from the client unless we have too much buffered
- * stdin or channel data.
- */
if (compat20) {
/* wrong: bad condition XXX */
if (channel_not_very_much_buffered_data())
FD_SET(connection_in, readset);
} else {
- if (buffer_len(&stdin_buffer) < 4096 &&
+ /*
+ * Read packets from the client unless we have too much
+ * buffered stdin or channel data.
+ */
+ if (buffer_len(&stdin_buffer) < buffer_high &&
channel_not_very_much_buffered_data())
FD_SET(connection_in, readset);
+ /*
+ * If there is not too much data already buffered going to
+ * the client, try to get some more data from the program.
+ */
+ if (packet_not_very_much_data_to_write()) {
+ if (!fdout_eof)
+ FD_SET(fdout, readset);
+ if (!fderr_eof)
+ FD_SET(fderr, readset);
+ }
+ /*
+ * If we have buffered data, try to write some of that data
+ * to the program.
+ */
+ if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
+ FD_SET(fdin, writeset);
}
-
- /*
- * If there is not too much data already buffered going to the
- * client, try to get some more data from the program.
- */
- if (!compat20 && packet_not_very_much_data_to_write()) {
- if (!fdout_eof)
- FD_SET(fdout, readset);
- if (!fderr_eof)
- FD_SET(fderr, readset);
- }
- FD_ZERO(writeset);
-
/* Set masks for channel descriptors. */
channel_prepare_select(readset, writeset);
@@ -196,11 +200,6 @@ retry_select:
if (packet_have_data_to_write())
FD_SET(connection_out, writeset);
- /* If we have buffered data, try to write some of that data to the
- program. */
- if (!compat20 && fdin != -1 && buffer_len(&stdin_buffer) > 0)
- FD_SET(fdin, writeset);
-
/* Update the maximum descriptor number if appropriate. */
if (channel_max_fd() > max_fd)
max_fd = channel_max_fd();
@@ -250,20 +249,15 @@ process_input(fd_set * readset)
if (len == 0) {
verbose("Connection closed by remote host.");
fatal_cleanup();
+ } else if (len < 0) {
+ if (errno != EINTR && errno != EAGAIN) {
+ verbose("Read error from remote host: %.100s", strerror(errno));
+ fatal_cleanup();
+ }
+ } else {
+ /* Buffer any received data. */
+ packet_process_incoming(buf, len);
}
- /*
- * There is a kernel bug on Solaris that causes select to
- * sometimes wake up even though there is no data available.
- */
- if (len < 0 && errno == EAGAIN)
- len = 0;
-
- if (len < 0) {
- verbose("Read error from remote host: %.100s", strerror(errno));
- fatal_cleanup();
- }
- /* Buffer any received data. */
- packet_process_incoming(buf, len);
}
if (compat20)
return;
@@ -271,9 +265,11 @@ process_input(fd_set * readset)
/* Read and buffer any available stdout data from the program. */
if (!fdout_eof && FD_ISSET(fdout, readset)) {
len = read(fdout, buf, sizeof(buf));
- if (len <= 0)
+ if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ /* do nothing */
+ } else if (len <= 0) {
fdout_eof = 1;
- else {
+ } else {
buffer_append(&stdout_buffer, buf, len);
fdout_bytes += len;
}
@@ -281,10 +277,13 @@ process_input(fd_set * readset)
/* Read and buffer any available stderr data from the program. */
if (!fderr_eof && FD_ISSET(fderr, readset)) {
len = read(fderr, buf, sizeof(buf));
- if (len <= 0)
+ if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ /* do nothing */
+ } else if (len <= 0) {
fderr_eof = 1;
- else
+ } else {
buffer_append(&stderr_buffer, buf, len);
+ }
}
}
@@ -300,7 +299,9 @@ process_output(fd_set * writeset)
if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
len = write(fdin, buffer_ptr(&stdin_buffer),
buffer_len(&stdin_buffer));
- if (len <= 0) {
+ if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ /* do nothing */
+ } else if (len <= 0) {
#ifdef USE_PIPES
close(fdin);
#else
@@ -367,6 +368,7 @@ process_buffered_input_packets()
void
server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
{
+ fd_set readset, writeset;
int wait_status; /* Status returned by wait(). */
pid_t wait_pid; /* pid returned by wait(). */
int waiting_termination = 0; /* Have displayed waiting close message. */
@@ -386,6 +388,14 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
fdin = fdin_arg;
fdout = fdout_arg;
fderr = fderr_arg;
+
+ /* nonblocking IO */
+ set_nonblock(fdin);
+ set_nonblock(fdout);
+ /* we don't have stderr for interactive terminal sessions, see below */
+ if (fderr != -1)
+ set_nonblock(fderr);
+
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
@@ -426,7 +436,6 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
/* Main loop of the server for the interactive session mode. */
for (;;) {
- fd_set readset, writeset;
/* Process buffered packets from the client. */
process_buffered_input_packets();
@@ -694,6 +703,9 @@ input_direct_tcpip(void)
originator = packet_get_string(NULL);
originator_port = packet_get_int();
packet_done();
+
+ debug("open direct-tcpip: from %s port %d to %s port %d",
+ originator, originator_port, target, target_port);
/* XXX check permission */
sock = channel_connect_to(target, target_port);
xfree(target);
@@ -745,7 +757,6 @@ server_input_channel_open(int type, int plen)
channel_free(id);
}
} else if (strcmp(ctype, "direct-tcpip") == 0) {
- debug("open direct-tcpip");
id = input_direct_tcpip();
if (id >= 0)
c = channel_lookup(id);
diff --git a/crypto/openssh/ssh2.h b/crypto/openssh/ssh2.h
index cf684bacf969..1fa4c0a0ddae 100644
--- a/crypto/openssh/ssh2.h
+++ b/crypto/openssh/ssh2.h
@@ -1,5 +1,5 @@
/*
- * draft-ietf-secsh-architecture-04.txt
+ * draft-ietf-secsh-architecture-05.txt
*
* Transport layer protocol:
*
@@ -28,6 +28,7 @@
*
* 192-255 Local extensions
*/
+/* RCSID("$OpenBSD: ssh2.h,v 1.3 2000/05/15 07:03:12 markus Exp $"); */
/* transport layer: generic */
@@ -88,6 +89,7 @@
#define SSH2_DISCONNECT_PROTOCOL_ERROR 2
#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3
#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4
+#define SSH2_DISCONNECT_RESERVED 4
#define SSH2_DISCONNECT_MAC_ERROR 5
#define SSH2_DISCONNECT_COMPRESSION_ERROR 6
#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7
@@ -95,6 +97,10 @@
#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9
#define SSH2_DISCONNECT_CONNECTION_LOST 10
#define SSH2_DISCONNECT_BY_APPLICATION 11
+#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12
+#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13
+#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14
+#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15
/* misc */
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index 80beac30680a..2e54651ea9b6 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.72 2000/05/04 09:50:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.74 2000/05/17 16:57:02 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -251,7 +251,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
temporarily_use_uid(original_real_uid);
if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) {
/* Successful connection. */
- memcpy(hostaddr, ai->ai_addr, sizeof(*hostaddr));
+ memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
restore_uid();
break;
} else {
@@ -297,21 +297,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
return 1;
}
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
/*
* Waits for the server identification string, and sends our own
* identification string.
diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c
index 99ffb2c478d4..0abcf89a0a07 100644
--- a/crypto/openssh/sshconnect2.c
+++ b/crypto/openssh/sshconnect2.c
@@ -28,7 +28,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.10 2000/05/08 17:42:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.11 2000/05/25 20:45:20 markus Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -68,16 +68,12 @@ unsigned char *session_id2 = NULL;
int session_id2_len = 0;
void
-ssh_kex2(char *host, struct sockaddr *hostaddr)
+ssh_kex_dh(Kex *kex, char *host, struct sockaddr *hostaddr,
+ Buffer *client_kexinit, Buffer *server_kexinit)
{
- Kex *kex;
- char *cprop[PROPOSAL_MAX];
- char *sprop[PROPOSAL_MAX];
- Buffer *client_kexinit;
- Buffer *server_kexinit;
- int payload_len, dlen;
+ int i;
+ int plen, dlen;
unsigned int klen, kout;
- char *ptr;
char *signature = NULL;
unsigned int slen;
char *server_host_key_blob = NULL;
@@ -86,72 +82,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
DH *dh;
BIGNUM *dh_server_pub = 0;
BIGNUM *shared_secret = 0;
- int i;
unsigned char *kbuf;
unsigned char *hash;
-/* KEXINIT */
-
- debug("Sending KEX init.");
- if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
- } else if (options.cipher == SSH_CIPHER_3DES) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- myproposal[PROPOSAL_ENC_ALGS_STOC] =
- cipher_name(SSH_CIPHER_3DES_CBC);
- } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- myproposal[PROPOSAL_ENC_ALGS_STOC] =
- cipher_name(SSH_CIPHER_BLOWFISH_CBC);
- }
- if (options.compression) {
- myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
- } else {
- myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
- }
- for (i = 0; i < PROPOSAL_MAX; i++)
- cprop[i] = xstrdup(myproposal[i]);
-
- client_kexinit = kex_init(cprop);
- packet_start(SSH2_MSG_KEXINIT);
- packet_put_raw(buffer_ptr(client_kexinit), buffer_len(client_kexinit));
- packet_send();
- packet_write_wait();
-
- debug("done");
-
- packet_read_expect(&payload_len, SSH2_MSG_KEXINIT);
-
- /* save payload for session_id */
- server_kexinit = xmalloc(sizeof(*server_kexinit));
- buffer_init(server_kexinit);
- ptr = packet_get_raw(&payload_len);
- buffer_append(server_kexinit, ptr, payload_len);
-
- /* skip cookie */
- for (i = 0; i < 16; i++)
- (void) packet_get_char();
- /* kex init proposal strings */
- for (i = 0; i < PROPOSAL_MAX; i++) {
- sprop[i] = packet_get_string(NULL);
- debug("got kexinit string: %s", sprop[i]);
- }
- i = (int) packet_get_char();
- debug("first kex follow == %d", i);
- i = packet_get_int();
- debug("reserved == %d", i);
- packet_done();
-
- debug("done read kexinit");
- kex = kex_choose_conf(cprop, sprop, 0);
-
-/* KEXDH */
-
debug("Sending SSH2_MSG_KEXDH_INIT.");
-
/* generate and send 'e', client DH public key */
dh = dh_new_group1();
packet_start(SSH2_MSG_KEXDH_INIT);
@@ -172,7 +106,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
debug("Wait SSH2_MSG_KEXDH_REPLY.");
- packet_read_expect(&payload_len, SSH2_MSG_KEXDH_REPLY);
+ packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);
debug("Got SSH2_MSG_KEXDH_REPLY.");
@@ -233,10 +167,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
shared_secret
);
xfree(server_host_key_blob);
- buffer_free(client_kexinit);
- buffer_free(server_kexinit);
- xfree(client_kexinit);
- xfree(server_kexinit);
+ DH_free(dh);
#ifdef DEBUG_KEXDH
fprintf(stderr, "hash == ");
for (i = 0; i< 20; i++)
@@ -250,16 +181,61 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
kex_derive_keys(kex, hash, shared_secret);
packet_set_kex(kex);
- /* have keys, free DH */
- DH_free(dh);
-
/* save session id */
session_id2_len = 20;
session_id2 = xmalloc(session_id2_len);
memcpy(session_id2, hash, session_id2_len);
+}
+
+void
+ssh_kex2(char *host, struct sockaddr *hostaddr)
+{
+ int i, plen;
+ Kex *kex;
+ Buffer *client_kexinit, *server_kexinit;
+ char *sprop[PROPOSAL_MAX];
+
+ if (options.ciphers != NULL) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+ } else if (options.cipher == SSH_CIPHER_3DES) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+ (char *) cipher_name(SSH_CIPHER_3DES_CBC);
+ } else if (options.cipher == SSH_CIPHER_BLOWFISH) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+ (char *) cipher_name(SSH_CIPHER_BLOWFISH_CBC);
+ }
+ if (options.compression) {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
+ } else {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ }
+
+ /* buffers with raw kexinit messages */
+ server_kexinit = xmalloc(sizeof(*server_kexinit));
+ buffer_init(server_kexinit);
+ client_kexinit = kex_init(myproposal);
+
+ /* algorithm negotiation */
+ kex_exchange_kexinit(client_kexinit, server_kexinit, sprop);
+ kex = kex_choose_conf(myproposal, sprop, 0);
+ for (i = 0; i < PROPOSAL_MAX; i++)
+ xfree(sprop[i]);
+
+ /* server authentication and session key agreement */
+ ssh_kex_dh(kex, host, hostaddr, client_kexinit, server_kexinit);
+
+ buffer_free(client_kexinit);
+ buffer_free(server_kexinit);
+ xfree(client_kexinit);
+ xfree(server_kexinit);
debug("Wait SSH2_MSG_NEWKEYS.");
- packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS);
+ packet_read_expect(&plen, SSH2_MSG_NEWKEYS);
packet_done();
debug("GOT SSH2_MSG_NEWKEYS.");
@@ -278,6 +254,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
#endif
debug("done: KEX2.");
}
+
/*
* Authenticate user
*/
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index 0d62320a1183..4a1a47fc9682 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.118 2000/05/25 20:45:20 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -258,21 +258,6 @@ key_regeneration_alarm(int sig)
errno = save_errno;
}
-char *
-chop(char *s)
-{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
-
-}
-
void
sshd_exchange_identification(int sock_in, int sock_out)
{
@@ -400,9 +385,12 @@ void
destroy_sensitive_data(void)
{
/* Destroy the private and public keys. They will no longer be needed. */
- RSA_free(public_key);
- RSA_free(sensitive_data.private_key);
- RSA_free(sensitive_data.host_key);
+ if (public_key)
+ RSA_free(public_key);
+ if (sensitive_data.private_key)
+ RSA_free(sensitive_data.private_key);
+ if (sensitive_data.host_key)
+ RSA_free(sensitive_data.host_key);
if (sensitive_data.dsa_host_key != NULL)
key_free(sensitive_data.dsa_host_key);
}
@@ -1161,7 +1149,6 @@ do_ssh2_kex()
int payload_len, dlen;
int slen;
unsigned int klen, kout;
- char *ptr;
unsigned char *signature = NULL;
unsigned char *server_host_key_blob = NULL;
unsigned int sbloblen;
@@ -1173,7 +1160,6 @@ do_ssh2_kex()
unsigned char *hash;
Kex *kex;
char *cprop[PROPOSAL_MAX];
- char *sprop[PROPOSAL_MAX];
/* KEXINIT */
@@ -1181,46 +1167,15 @@ do_ssh2_kex()
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
-
- debug("Sending KEX init.");
-
- for (i = 0; i < PROPOSAL_MAX; i++)
- sprop[i] = xstrdup(myproposal[i]);
- server_kexinit = kex_init(sprop);
- packet_start(SSH2_MSG_KEXINIT);
- packet_put_raw(buffer_ptr(server_kexinit), buffer_len(server_kexinit));
- packet_send();
- packet_write_wait();
-
- debug("done");
-
- packet_read_expect(&payload_len, SSH2_MSG_KEXINIT);
-
- /*
- * save raw KEXINIT payload in buffer. this is used during
- * computation of the session_id and the session keys.
- */
+ server_kexinit = kex_init(myproposal);
client_kexinit = xmalloc(sizeof(*client_kexinit));
buffer_init(client_kexinit);
- ptr = packet_get_raw(&payload_len);
- buffer_append(client_kexinit, ptr, payload_len);
- /* skip cookie */
- for (i = 0; i < 16; i++)
- (void) packet_get_char();
- /* save kex init proposal strings */
- for (i = 0; i < PROPOSAL_MAX; i++) {
- cprop[i] = packet_get_string(NULL);
- debug("got kexinit string: %s", cprop[i]);
- }
-
- i = (int) packet_get_char();
- debug("first kex follow == %d", i);
- i = packet_get_int();
- debug("reserved == %d", i);
-
- debug("done read kexinit");
- kex = kex_choose_conf(cprop, sprop, 1);
+ /* algorithm negotiation */
+ kex_exchange_kexinit(server_kexinit, client_kexinit, cprop);
+ kex = kex_choose_conf(cprop, myproposal, 1);
+ for (i = 0; i < PROPOSAL_MAX; i++)
+ xfree(cprop[i]);
/* KEXDH */