diff options
author | Damien Miller <djm@mindrot.org> | 2000-03-17 23:40:15 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-03-17 23:40:15 +1100 |
commit | 7684ee17ee96426970c00cb44d9d00b6611b9a57 (patch) | |
tree | cb447b6e9d3fdc10b3e66a90b198092d7245447a /sshconnect.c | |
parent | d6121d2972c1a6924f6d186ea04eefe9dab774ef (diff) |
- OpenBSD CVS updates:
- [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
[packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
[sshd.c]
pedantic: signed vs. unsigned, void*-arithm, etc
- [ssh.1 sshd.8]
Various cleanups and standardizations.
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/sshconnect.c b/sshconnect.c index c4c9aee1f..910548fac 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -8,7 +8,7 @@ | |||
8 | */ | 8 | */ |
9 | 9 | ||
10 | #include "includes.h" | 10 | #include "includes.h" |
11 | RCSID("$OpenBSD: sshconnect.c,v 1.56 2000/02/18 08:50:33 markus Exp $"); | 11 | RCSID("$OpenBSD: sshconnect.c,v 1.57 2000/03/16 20:56:14 markus Exp $"); |
12 | 12 | ||
13 | #ifdef HAVE_OPENSSL | 13 | #ifdef HAVE_OPENSSL |
14 | #include <openssl/bn.h> | 14 | #include <openssl/bn.h> |
@@ -638,6 +638,7 @@ try_kerberos_authentication() | |||
638 | char *realm; | 638 | char *realm; |
639 | CREDENTIALS cred; | 639 | CREDENTIALS cred; |
640 | int r, type, plen; | 640 | int r, type, plen; |
641 | socklen_t slen; | ||
641 | Key_schedule schedule; | 642 | Key_schedule schedule; |
642 | u_long checksum, cksum; | 643 | u_long checksum, cksum; |
643 | MSG_DAT msg_data; | 644 | MSG_DAT msg_data; |
@@ -680,16 +681,16 @@ try_kerberos_authentication() | |||
680 | /* Zero the buffer. */ | 681 | /* Zero the buffer. */ |
681 | (void) memset(auth.dat, 0, MAX_KTXT_LEN); | 682 | (void) memset(auth.dat, 0, MAX_KTXT_LEN); |
682 | 683 | ||
683 | r = sizeof(local); | 684 | slen = sizeof(local); |
684 | memset(&local, 0, sizeof(local)); | 685 | memset(&local, 0, sizeof(local)); |
685 | if (getsockname(packet_get_connection_in(), | 686 | if (getsockname(packet_get_connection_in(), |
686 | (struct sockaddr *) & local, &r) < 0) | 687 | (struct sockaddr *) & local, &slen) < 0) |
687 | debug("getsockname failed: %s", strerror(errno)); | 688 | debug("getsockname failed: %s", strerror(errno)); |
688 | 689 | ||
689 | r = sizeof(foreign); | 690 | slen = sizeof(foreign); |
690 | memset(&foreign, 0, sizeof(foreign)); | 691 | memset(&foreign, 0, sizeof(foreign)); |
691 | if (getpeername(packet_get_connection_in(), | 692 | if (getpeername(packet_get_connection_in(), |
692 | (struct sockaddr *) & foreign, &r) < 0) { | 693 | (struct sockaddr *) & foreign, &slen) < 0) { |
693 | debug("getpeername failed: %s", strerror(errno)); | 694 | debug("getpeername failed: %s", strerror(errno)); |
694 | fatal_cleanup(); | 695 | fatal_cleanup(); |
695 | } | 696 | } |
@@ -751,7 +752,7 @@ send_kerberos_tgt() | |||
751 | CREDENTIALS *creds; | 752 | CREDENTIALS *creds; |
752 | char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; | 753 | char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; |
753 | int r, type, plen; | 754 | int r, type, plen; |
754 | unsigned char buffer[8192]; | 755 | char buffer[8192]; |
755 | struct stat st; | 756 | struct stat st; |
756 | 757 | ||
757 | /* Don't do anything if we don't have any tickets. */ | 758 | /* Don't do anything if we don't have any tickets. */ |
@@ -772,11 +773,11 @@ send_kerberos_tgt() | |||
772 | debug("Kerberos V4 ticket expired: %s", TKT_FILE); | 773 | debug("Kerberos V4 ticket expired: %s", TKT_FILE); |
773 | return 0; | 774 | return 0; |
774 | } | 775 | } |
775 | creds_to_radix(creds, buffer); | 776 | creds_to_radix(creds, (unsigned char *)buffer); |
776 | xfree(creds); | 777 | xfree(creds); |
777 | 778 | ||
778 | packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); | 779 | packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); |
779 | packet_put_string((char *) buffer, strlen(buffer)); | 780 | packet_put_string(buffer, strlen(buffer)); |
780 | packet_send(); | 781 | packet_send(); |
781 | packet_write_wait(); | 782 | packet_write_wait(); |
782 | 783 | ||
@@ -798,7 +799,7 @@ send_afs_tokens(void) | |||
798 | struct ClearToken ct; | 799 | struct ClearToken ct; |
799 | int i, type, len, plen; | 800 | int i, type, len, plen; |
800 | char buf[2048], *p, *server_cell; | 801 | char buf[2048], *p, *server_cell; |
801 | unsigned char buffer[8192]; | 802 | char buffer[8192]; |
802 | 803 | ||
803 | /* Move over ktc_GetToken, here's something leaner. */ | 804 | /* Move over ktc_GetToken, here's something leaner. */ |
804 | for (i = 0; i < 100; i++) { /* just in case */ | 805 | for (i = 0; i < 100; i++) { /* just in case */ |
@@ -840,10 +841,10 @@ send_afs_tokens(void) | |||
840 | creds.pinst[0] = '\0'; | 841 | creds.pinst[0] = '\0'; |
841 | 842 | ||
842 | /* Encode token, ship it off. */ | 843 | /* Encode token, ship it off. */ |
843 | if (!creds_to_radix(&creds, buffer)) | 844 | if (!creds_to_radix(&creds, (unsigned char*) buffer)) |
844 | break; | 845 | break; |
845 | packet_start(SSH_CMSG_HAVE_AFS_TOKEN); | 846 | packet_start(SSH_CMSG_HAVE_AFS_TOKEN); |
846 | packet_put_string((char *) buffer, strlen(buffer)); | 847 | packet_put_string(buffer, strlen(buffer)); |
847 | packet_send(); | 848 | packet_send(); |
848 | packet_write_wait(); | 849 | packet_write_wait(); |
849 | 850 | ||
@@ -867,7 +868,9 @@ send_afs_tokens(void) | |||
867 | int | 868 | int |
868 | try_skey_authentication() | 869 | try_skey_authentication() |
869 | { | 870 | { |
870 | int type, i, payload_len; | 871 | int type, i; |
872 | int payload_len; | ||
873 | unsigned int clen; | ||
871 | char *challenge, *response; | 874 | char *challenge, *response; |
872 | 875 | ||
873 | debug("Doing skey authentication."); | 876 | debug("Doing skey authentication."); |
@@ -887,7 +890,8 @@ try_skey_authentication() | |||
887 | debug("No challenge for skey authentication."); | 890 | debug("No challenge for skey authentication."); |
888 | return 0; | 891 | return 0; |
889 | } | 892 | } |
890 | challenge = packet_get_string(&payload_len); | 893 | challenge = packet_get_string(&clen); |
894 | packet_integrity_check(payload_len, (4 + clen), type); | ||
891 | if (options.cipher == SSH_CIPHER_NONE) | 895 | if (options.cipher == SSH_CIPHER_NONE) |
892 | log("WARNING: Encryption is disabled! " | 896 | log("WARNING: Encryption is disabled! " |
893 | "Reponse will be transmitted in clear text."); | 897 | "Reponse will be transmitted in clear text."); |