Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 56 |
1 files changed, 34 insertions, 22 deletions
diff --git a/sshconnect.c b/sshconnect.c index 675de610..bca0bf43 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $"); #ifdef HAVE_OPENSSL #include <openssl/bn.h> @@ -250,7 +250,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, debug("Trying again..."); /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ + sequence until the connection succeeds. */ for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; @@ -264,7 +264,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, host, ntop, strport); /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, + sock = ssh_create_socket(original_real_uid, !anonymous && geteuid() == 0 && port < IPPORT_RESERVED, ai->ai_family); if (sock < 0) @@ -1059,7 +1059,7 @@ ssh_exchange_identification() break; } /* FALLTHROUGH */ - default: + default: mismatch = 1; break; } @@ -1363,13 +1363,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) debug("Sending KEX init."); if (options.ciphers != NULL) { - myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; } else if ( options.cipher == SSH_CIPHER_ARCFOUR || - options.cipher == SSH_CIPHER_3DES_CBC || - options.cipher == SSH_CIPHER_CAST128_CBC || - options.cipher == SSH_CIPHER_BLOWFISH_CBC) { + options.cipher == SSH_CIPHER_3DES_CBC || + options.cipher == SSH_CIPHER_CAST128_CBC || + options.cipher == SSH_CIPHER_BLOWFISH_CBC) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); } 
@@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) debug("first kex follow == %d", i); i = packet_get_int(); debug("reserved == %d", i); + packet_done(); debug("done read kexinit"); kex = kex_choose_conf(cprop, sprop, 0); @@ -1434,7 +1435,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) fprintf(stderr, "\npub= "); bignum_print(dh->pub_key); fprintf(stderr, "\n"); - DHparams_print_fp(stderr, dh); + DHparams_print_fp(stderr, dh); #endif debug("Wait SSH2_MSG_KEXDH_REPLY."); @@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) /* signed H */ signature = packet_get_string(&slen); + packet_done(); if (!dh_pub_is_valid(dh, dh_server_pub)) packet_disconnect("bad server public DH value"); @@ -1475,14 +1477,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) kout = DH_compute_key(kbuf, dh_server_pub, dh); #ifdef DEBUG_KEXDH debug("shared secret: len %d/%d", klen, kout); - fprintf(stderr, "shared secret == "); - for (i = 0; i< kout; i++) - fprintf(stderr, "%02x", (kbuf[i])&0xff); - fprintf(stderr, "\n"); + fprintf(stderr, "shared secret == "); + for (i = 0; i< kout; i++) + fprintf(stderr, "%02x", (kbuf[i])&0xff); + fprintf(stderr, "\n"); #endif - shared_secret = BN_new(); + shared_secret = BN_new(); - BN_bin2bn(kbuf, kout, shared_secret); + BN_bin2bn(kbuf, kout, shared_secret); memset(kbuf, 0, klen); xfree(kbuf); @@ -1502,10 +1504,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) xfree(client_kexinit); xfree(server_kexinit); #ifdef DEBUG_KEXDH - fprintf(stderr, "hash == "); - for (i = 0; i< 20; i++) - fprintf(stderr, "%02x", (hash[i])&0xff); - fprintf(stderr, "\n"); + fprintf(stderr, "hash == "); + for (i = 0; i< 20; i++) + fprintf(stderr, "%02x", (hash[i])&0xff); + fprintf(stderr, "\n"); #endif dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20); key_free(server_host_key); 
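Review bot: The `signature` read immediately before the added `packet_done()` in the `@@ -1466` hunk is the only proof that the KEXDH_REPLY came from the host key, yet the hunk validates nothing about it; the check it feeds, `dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);` further down this diff, discards the return value. Unless dsa_verify calls fatal() itself on a bad signature (not visible here), a reply with a forged signature would be accepted and the exchange would proceed to NEWKEYS with an attacker-controlled host key. Only the DH public value is rejected (`dh_pub_is_valid`). Suggest `if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1)` / `fatal("dsa_verify failed for server_host_key");`. ssh_kex2 starts and ends outside this hunk.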
@@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) debug("Wait SSH2_MSG_NEWKEYS."); packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS); + packet_done(); debug("GOT SSH2_MSG_NEWKEYS."); debug("send SSH2_MSG_NEWKEYS."); @@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, char *server_user, *local_user; char *auths; char *password; - char *service = "ssh-connection"; // service name + char *service = "ssh-connection"; /* service name */ debug("send SSH2_MSG_SERVICE_REQUEST"); packet_start(SSH2_MSG_SERVICE_REQUEST); @@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, if (type != SSH2_MSG_SERVICE_ACCEPT) { fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); } - /* payload empty for ssh-2.0.13 ?? */ - /* reply = packet_get_string(&payload_len); */ + if (packet_remaining() > 0) { + char *reply = packet_get_string(&plen); + debug("service_accept: %s", reply); + xfree(reply); + } else { + /* payload empty for ssh-2.0.13 ?? */ + log("buggy server: service_accept w/o service"); + } + packet_done(); debug("got SSH2_MSG_SERVICE_ACCEPT"); /*XX COMMONCODE: */ @@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, auths = packet_get_string(&dlen); debug("authentications that can continue: %s", auths); partial = packet_get_char(); + packet_done(); if (partial) debug("partial success"); if (strstr(auths, "password") == NULL) @@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, packet_send(); packet_write_wait(); } + packet_done(); debug("ssh-userauth2 successfull"); } |
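Review bot: In the `@@ -1563` hunk the service name carried in SSH2_MSG_SERVICE_ACCEPT is read and logged but never compared with the `service` that was requested, so a server answering with some other service name is accepted silently. `service` is already in scope from the declaration changed in the `@@ -1551` hunk, so the reply can be checked before it is freed: `if (strcmp(reply, service) != 0)` / `fatal("service_accept: got %s, expected %s", reply, service);`. The empty-payload branch is a reasonable compatibility concession and is already annotated with the implementation it works around. ssh_userauth2 continues outside this hunk.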
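Review bot: The debug message after the added `packet_done()` in the `@@ -1613` hunk misspells its key word, `debug("ssh-userauth2 successfull");`; log strings are what operators grep for, so the spelling should match the rest of the file: `debug("ssh-userauth2 successful");`. The enclosing ssh_userauth2 starts outside this hunk.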