summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog11
-rw-r--r--auth-rh-rsa.c4
-rw-r--r--auth-rhosts.c13
-rw-r--r--auth-rsa.c9
-rw-r--r--channels.c3
-rw-r--r--clientloop.c6
-rw-r--r--mpaux.c3
-rw-r--r--servconf.c16
-rw-r--r--ssh-keygen.c4
-rw-r--r--ssh.c4
-rw-r--r--ssh.h122
-rw-r--r--sshconnect.c102
-rw-r--r--sshd.c7
13 files changed, 159 insertions, 145 deletions
diff --git a/ChangeLog b/ChangeLog
index c610abc91..f224a77cd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,17 @@
9 - Released 1.2pre10 9 - Released 1.2pre10
10 10
11 - Added INSTALL documentation 11 - Added INSTALL documentation
12 - Merged yet more changes from OpenBSD CVS
13 - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
14 [ssh.c ssh.h sshconnect.c sshd.c]
15 make all access to options via 'extern Options options'
16 and 'extern ServerOptions options' respectively;
17 options are no longer passed as arguments:
18 * make options handling more consistent
19 * remove #include "readconf.h" from ssh.h
20 * readconf.h is only included if necessary
21 - [mpaux.c] clear temp buffer
22 - [servconf.c] print _all_ bad options found in configfile
12 23
1319991111 2419991111
14 - Added (untested) Entropy Gathering Daemon (EGD) support 25 - Added (untested) Entropy Gathering Daemon (EGD) support
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index b6f1d6c73..fa855a1a8 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@ authentication.
15*/ 15*/
16 16
17#include "includes.h" 17#include "includes.h"
18RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $"); 18RCSID("$Id: auth-rh-rsa.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
19 19
20#include "packet.h" 20#include "packet.h"
21#include "ssh.h" 21#include "ssh.h"
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
38 debug("Trying rhosts with RSA host authentication for %.100s", client_user); 38 debug("Trying rhosts with RSA host authentication for %.100s", client_user);
39 39
40 /* Check if we would accept it using rhosts authentication. */ 40 /* Check if we would accept it using rhosts authentication. */
41 if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes)) 41 if (!auth_rhosts(pw, client_user))
42 return 0; 42 return 0;
43 43
44 canonical_hostname = get_canonical_hostname(); 44 canonical_hostname = get_canonical_hostname();
diff --git a/auth-rhosts.c b/auth-rhosts.c
index ebf2fcbc2..7e5614cb8 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -16,12 +16,13 @@ the login based on rhosts authentication. This file also processes
16*/ 16*/
17 17
18#include "includes.h" 18#include "includes.h"
19RCSID("$Id: auth-rhosts.c,v 1.1 1999/10/27 03:42:43 damien Exp $"); 19RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $");
20 20
21#include "packet.h" 21#include "packet.h"
22#include "ssh.h" 22#include "ssh.h"
23#include "xmalloc.h" 23#include "xmalloc.h"
24#include "uidswap.h" 24#include "uidswap.h"
25#include "servconf.h"
25 26
26/* This function processes an rhosts-style file (.rhosts, .shosts, or 27/* This function processes an rhosts-style file (.rhosts, .shosts, or
27 /etc/hosts.equiv). This returns true if authentication can be granted 28 /etc/hosts.equiv). This returns true if authentication can be granted
@@ -155,9 +156,9 @@ int check_rhosts_file(const char *filename, const char *hostname,
155 true, only /etc/hosts.equiv will be considered (.rhosts and .shosts 156 true, only /etc/hosts.equiv will be considered (.rhosts and .shosts
156 are ignored). */ 157 are ignored). */
157 158
158int auth_rhosts(struct passwd *pw, const char *client_user, 159int auth_rhosts(struct passwd *pw, const char *client_user)
159 int ignore_rhosts, int strict_modes)
160{ 160{
161 extern ServerOptions options;
161 char buf[1024]; 162 char buf[1024];
162 const char *hostname, *ipaddr; 163 const char *hostname, *ipaddr;
163 int port; 164 int port;
@@ -234,7 +235,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
234 pw->pw_name, pw->pw_dir); 235 pw->pw_name, pw->pw_dir);
235 return 0; 236 return 0;
236 } 237 }
237 if (strict_modes && 238 if (options.strict_modes &&
238 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || 239 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
239 (st.st_mode & 022) != 0)) 240 (st.st_mode & 022) != 0))
240 { 241 {
@@ -261,7 +262,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
261 and make sure it is not writable by anyone but the owner. This is 262 and make sure it is not writable by anyone but the owner. This is
262 to help avoid novices accidentally allowing access to their account 263 to help avoid novices accidentally allowing access to their account
263 by anyone. */ 264 by anyone. */
264 if (strict_modes && 265 if (options.strict_modes &&
265 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || 266 ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
266 (st.st_mode & 022) != 0)) 267 (st.st_mode & 022) != 0))
267 { 268 {
@@ -273,7 +274,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
273 274
274 /* Check if we have been configured to ignore .rhosts and .shosts 275 /* Check if we have been configured to ignore .rhosts and .shosts
275 files. */ 276 files. */
276 if (ignore_rhosts) 277 if (options.ignore_rhosts)
277 { 278 {
278 packet_send_debug("Server has been configured to ignore %.100s.", 279 packet_send_debug("Server has been configured to ignore %.100s.",
279 rhosts_files[rhosts_file_index]); 280 rhosts_files[rhosts_file_index]);
diff --git a/auth-rsa.c b/auth-rsa.c
index dc1ad81a2..6968df58c 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -17,7 +17,7 @@ validity of the host key.
17 17
18#include "config.h" 18#include "config.h"
19#include "includes.h" 19#include "includes.h"
20RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); 20RCSID("$Id: auth-rsa.c,v 1.5 1999/11/12 04:19:27 damien Exp $");
21 21
22#include "rsa.h" 22#include "rsa.h"
23#include "packet.h" 23#include "packet.h"
@@ -25,6 +25,7 @@ RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
25#include "ssh.h" 25#include "ssh.h"
26#include "mpaux.h" 26#include "mpaux.h"
27#include "uidswap.h" 27#include "uidswap.h"
28#include "servconf.h"
28 29
29#ifdef HAVE_OPENSSL 30#ifdef HAVE_OPENSSL
30#include <openssl/rsa.h> 31#include <openssl/rsa.h>
@@ -100,7 +101,6 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
100 len = BN_num_bytes(challenge); 101 len = BN_num_bytes(challenge);
101 if (len <= 0 || len > 32) 102 if (len <= 0 || len > 32)
102 fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); 103 fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
103
104 memset(buf, 0, 32); 104 memset(buf, 0, 32);
105 BN_bn2bin(challenge, buf + 32 - len); 105 BN_bn2bin(challenge, buf + 32 - len);
106 MD5_Init(&md); 106 MD5_Init(&md);
@@ -136,8 +136,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
136 successful. This may exit if there is a serious protocol violation. */ 136 successful. This may exit if there is a serious protocol violation. */
137 137
138int 138int
139auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes) 139auth_rsa(struct passwd *pw, BIGNUM *client_n)
140{ 140{
141 extern ServerOptions options;
141 char line[8192]; 142 char line[8192];
142 int authenticated; 143 int authenticated;
143 unsigned int bits; 144 unsigned int bits;
@@ -172,7 +173,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
172 return 0; 173 return 0;
173 } 174 }
174 175
175 if (strict_modes) { 176 if (options.strict_modes) {
176 int fail=0; 177 int fail=0;
177 char buf[1024]; 178 char buf[1024];
178 /* Check open file in order to avoid open/stat races */ 179 /* Check open file in order to avoid open/stat races */
diff --git a/channels.c b/channels.c
index 032e8f2af..c5ec1fc87 100644
--- a/channels.c
+++ b/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
16*/ 16*/
17 17
18#include "includes.h" 18#include "includes.h"
19RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); 19RCSID("$Id: channels.c,v 1.5 1999/11/12 04:19:27 damien Exp $");
20 20
21#include "ssh.h" 21#include "ssh.h"
22#include "packet.h" 22#include "packet.h"
@@ -24,6 +24,7 @@ RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
24#include "buffer.h" 24#include "buffer.h"
25#include "authfd.h" 25#include "authfd.h"
26#include "uidswap.h" 26#include "uidswap.h"
27#include "readconf.h"
27#include "servconf.h" 28#include "servconf.h"
28 29
29#include "channels.h" 30#include "channels.h"
diff --git a/clientloop.c b/clientloop.c
index a236ce9b2..410dc54de 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -15,7 +15,7 @@ The main loop for the interactive session (client side).
15*/ 15*/
16 16
17#include "includes.h" 17#include "includes.h"
18RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $"); 18RCSID("$Id: clientloop.c,v 1.3 1999/11/12 04:19:27 damien Exp $");
19 19
20#include "xmalloc.h" 20#include "xmalloc.h"
21#include "ssh.h" 21#include "ssh.h"
@@ -24,9 +24,6 @@ RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $");
24#include "authfd.h" 24#include "authfd.h"
25#include "readconf.h" 25#include "readconf.h"
26 26
27/* Flag indicating whether quiet mode is on. */
28extern Options options;
29
30/* Flag indicating that stdin should be redirected from /dev/null. */ 27/* Flag indicating that stdin should be redirected from /dev/null. */
31extern int stdin_null_flag; 28extern int stdin_null_flag;
32 29
@@ -764,6 +761,7 @@ void client_process_output(fd_set *writeset)
764 761
765int client_loop(int have_pty, int escape_char_arg) 762int client_loop(int have_pty, int escape_char_arg)
766{ 763{
764 extern Options options;
767 double start_time, total_time; 765 double start_time, total_time;
768 int len; 766 int len;
769 char buf[100]; 767 char buf[100];
diff --git a/mpaux.c b/mpaux.c
index e1b97a158..0622f5b47 100644
--- a/mpaux.c
+++ b/mpaux.c
@@ -16,7 +16,7 @@ precision integers.
16 16
17#include "config.h" 17#include "config.h"
18#include "includes.h" 18#include "includes.h"
19RCSID("$Id: mpaux.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); 19RCSID("$Id: mpaux.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
20 20
21#ifdef HAVE_OPENSSL 21#ifdef HAVE_OPENSSL
22#include <openssl/bn.h> 22#include <openssl/bn.h>
@@ -50,5 +50,6 @@ compute_session_id(unsigned char session_id[16],
50 MD5_Init(&md); 50 MD5_Init(&md);
51 MD5_Update(&md, buf, bytes); 51 MD5_Update(&md, buf, bytes);
52 MD5_Final(session_id, &md); 52 MD5_Final(session_id, &md);
53 memset(buf, 0, bytes);
53 xfree(buf); 54 xfree(buf);
54} 55}
diff --git a/servconf.c b/servconf.c
index b1e52638c..f6d063989 100644
--- a/servconf.c
+++ b/servconf.c
@@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo
12*/ 12*/
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$Id: servconf.c,v 1.3 1999/11/12 00:33:04 damien Exp $"); 15RCSID("$Id: servconf.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "servconf.h" 18#include "servconf.h"
@@ -144,6 +144,7 @@ void fill_default_server_options(ServerOptions *options)
144/* Keyword tokens. */ 144/* Keyword tokens. */
145typedef enum 145typedef enum
146{ 146{
147 sBadOption, /* == unknown option */
147 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, 148 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
148 sPermitRootLogin, sLogFacility, sLogLevel, 149 sPermitRootLogin, sLogFacility, sLogLevel,
149 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, 150 sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
@@ -260,9 +261,9 @@ static ServerOpCodes parse_token(const char *cp, const char *filename,
260 if (strcmp(cp, keywords[i].name) == 0) 261 if (strcmp(cp, keywords[i].name) == 0)
261 return keywords[i].opcode; 262 return keywords[i].opcode;
262 263
263 fprintf(stderr, "%s line %d: Bad configuration option: %s\n", 264 fprintf(stderr, "%s: line %d: Bad configuration option: %s\n",
264 filename, linenum, cp); 265 filename, linenum, cp);
265 exit(1); 266 return sBadOption;
266} 267}
267 268
268/* Reads the server configuration file. */ 269/* Reads the server configuration file. */
@@ -273,6 +274,7 @@ void read_server_config(ServerOptions *options, const char *filename)
273 char line[1024]; 274 char line[1024];
274 char *cp, **charptr; 275 char *cp, **charptr;
275 int linenum, *intptr, i, value; 276 int linenum, *intptr, i, value;
277 int bad_options = 0;
276 ServerOpCodes opcode; 278 ServerOpCodes opcode;
277 279
278 f = fopen(filename, "r"); 280 f = fopen(filename, "r");
@@ -300,6 +302,9 @@ void read_server_config(ServerOptions *options, const char *filename)
300 opcode = parse_token(cp, filename, linenum); 302 opcode = parse_token(cp, filename, linenum);
301 switch (opcode) 303 switch (opcode)
302 { 304 {
305 case sBadOption:
306 bad_options++;
307 continue;
303 case sPort: 308 case sPort:
304 intptr = &options->port; 309 intptr = &options->port;
305 parse_int: 310 parse_int:
@@ -596,4 +601,9 @@ void read_server_config(ServerOptions *options, const char *filename)
596 } 601 }
597 } 602 }
598 fclose(f); 603 fclose(f);
604 if (bad_options > 0) {
605 fprintf(stderr, "%s: terminating, %d bad configuration options\n",
606 filename, bad_options);
607 exit(1);
608 }
599} 609}
diff --git a/ssh-keygen.c b/ssh-keygen.c
index e2cb48fd9..4d950aee8 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -14,7 +14,7 @@ Identity and host key generation and maintenance.
14*/ 14*/
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$Id: ssh-keygen.c,v 1.2 1999/11/08 04:30:59 damien Exp $"); 17RCSID("$Id: ssh-keygen.c,v 1.3 1999/11/12 04:19:27 damien Exp $");
18 18
19#include "rsa.h" 19#include "rsa.h"
20#include "ssh.h" 20#include "ssh.h"
@@ -117,7 +117,7 @@ do_change_passphrase(struct passwd *pw)
117 xfree(old_passphrase); 117 xfree(old_passphrase);
118 } 118 }
119 printf("Key has comment '%s'\n", comment); 119 printf("Key has comment '%s'\n", comment);
120 120
121 /* Ask the new passphrase (twice). */ 121 /* Ask the new passphrase (twice). */
122 if (identity_new_passphrase) 122 if (identity_new_passphrase)
123 { 123 {
diff --git a/ssh.c b/ssh.c
index be5ad2cc7..1514e185c 100644
--- a/ssh.c
+++ b/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
18*/ 18*/
19 19
20#include "includes.h" 20#include "includes.h"
21RCSID("$Id: ssh.c,v 1.5 1999/11/11 06:57:40 damien Exp $"); 21RCSID("$Id: ssh.c,v 1.6 1999/11/12 04:19:27 damien Exp $");
22 22
23#include "xmalloc.h" 23#include "xmalloc.h"
24#include "ssh.h" 24#include "ssh.h"
@@ -590,7 +590,7 @@ main(int ac, char **av)
590 590
591 /* Log into the remote system. This never returns if the login fails. */ 591 /* Log into the remote system. This never returns if the login fails. */
592 ssh_login(host_private_key_loaded, host_private_key, 592 ssh_login(host_private_key_loaded, host_private_key,
593 host, &hostaddr, &options, original_real_uid); 593 host, &hostaddr, original_real_uid);
594 594
595 /* We no longer need the host private key. Clear it now. */ 595 /* We no longer need the host private key. Clear it now. */
596 if (host_private_key_loaded) 596 if (host_private_key_loaded)
diff --git a/ssh.h b/ssh.h
index f33621320..ac98d1814 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
13 13
14*/ 14*/
15 15
16/* RCSID("$Id: ssh.h,v 1.11 1999/11/12 00:33:04 damien Exp $"); */ 16/* RCSID("$Id: ssh.h,v 1.12 1999/11/12 04:19:27 damien Exp $"); */
17 17
18#ifndef SSH_H 18#ifndef SSH_H
19#define SSH_H 19#define SSH_H
@@ -221,60 +221,6 @@ only by root, whereas ssh_config should be world-readable. */
221#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */ 221#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
222#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ 222#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
223 223
224
225/*------------ Definitions for logging. -----------------------*/
226
227/* Supported syslog facilities and levels. */
228typedef enum
229{
230 SYSLOG_FACILITY_DAEMON,
231 SYSLOG_FACILITY_USER,
232 SYSLOG_FACILITY_AUTH,
233 SYSLOG_FACILITY_LOCAL0,
234 SYSLOG_FACILITY_LOCAL1,
235 SYSLOG_FACILITY_LOCAL2,
236 SYSLOG_FACILITY_LOCAL3,
237 SYSLOG_FACILITY_LOCAL4,
238 SYSLOG_FACILITY_LOCAL5,
239 SYSLOG_FACILITY_LOCAL6,
240 SYSLOG_FACILITY_LOCAL7
241} SyslogFacility;
242
243typedef enum
244{
245 SYSLOG_LEVEL_QUIET,
246 SYSLOG_LEVEL_FATAL,
247 SYSLOG_LEVEL_ERROR,
248 SYSLOG_LEVEL_INFO,
249 SYSLOG_LEVEL_CHAT,
250 SYSLOG_LEVEL_DEBUG
251} LogLevel;
252
253/* Initializes logging. */
254void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
255
256/* Logging implementation, depending on server or client */
257void do_log(LogLevel level, const char *fmt, va_list args);
258
259/* Output a message to syslog or stderr */
260void fatal(const char *fmt, ...);
261void error(const char *fmt, ...);
262void log(const char *fmt, ...);
263void chat(const char *fmt, ...);
264void debug(const char *fmt, ...);
265
266/* same as fatal() but w/o logging */
267void fatal_cleanup(void);
268
269/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting.
270 It is permissible to call fatal_remove_cleanup for the function itself
271 from the function. */
272void fatal_add_cleanup(void (*proc)(void *context), void *context);
273
274/* Removes a cleanup function to be called at fatal(). */
275void fatal_remove_cleanup(void (*proc)(void *context), void *context);
276
277
278/*------------ definitions for login.c -------------*/ 224/*------------ definitions for login.c -------------*/
279 225
280/* Returns the time when the user last logged in. Returns 0 if the 226/* Returns the time when the user last logged in. Returns 0 if the
@@ -314,21 +260,15 @@ int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
314 This initializes the random state, and leaves it initialized (it will also 260 This initializes the random state, and leaves it initialized (it will also
315 have references from the packet module). */ 261 have references from the packet module). */
316 262
317/* for Options */
318#include "readconf.h"
319
320void ssh_login(int host_key_valid, RSA *host_key, const char *host, 263void ssh_login(int host_key_valid, RSA *host_key, const char *host,
321 struct sockaddr_in *hostaddr, Options *options, 264 struct sockaddr_in *hostaddr, uid_t original_real_uid);
322 uid_t original_real_uid);
323 265
324/*------------ Definitions for various authentication methods. -------*/ 266/*------------ Definitions for various authentication methods. -------*/
325 267
326/* Tries to authenticate the user using the .rhosts file. Returns true if 268/* Tries to authenticate the user using the .rhosts file. Returns true if
327 authentication succeeds. If ignore_rhosts is non-zero, this will not 269 authentication succeeds. If ignore_rhosts is non-zero, this will not
328 consider .rhosts and .shosts (/etc/hosts.equiv will still be used). 270 consider .rhosts and .shosts (/etc/hosts.equiv will still be used). */
329 If strict_modes is true, checks ownership and modes of .rhosts/.shosts. */ 271int auth_rhosts(struct passwd *pw, const char *client_user);
330int auth_rhosts(struct passwd *pw, const char *client_user,
331 int ignore_rhosts, int strict_modes);
332 272
333/* Tries to authenticate the user using the .rhosts file and the host using 273/* Tries to authenticate the user using the .rhosts file and the host using
334 its host key. Returns true if authentication succeeds. */ 274 its host key. Returns true if authentication succeeds. */
@@ -343,7 +283,7 @@ int auth_password(struct passwd *pw, const char *password);
343/* Performs the RSA authentication dialog with the client. This returns 283/* Performs the RSA authentication dialog with the client. This returns
344 0 if the client could not be authenticated, and 1 if authentication was 284 0 if the client could not be authenticated, and 1 if authentication was
345 successful. This may exit if there is a serious protocol violation. */ 285 successful. This may exit if there is a serious protocol violation. */
346int auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes); 286int auth_rsa(struct passwd *pw, BIGNUM *client_n);
347 287
348/* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer 288/* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
349 over the key. Skips any whitespace at the beginning and at end. */ 289 over the key. Skips any whitespace at the beginning and at end. */
@@ -421,6 +361,58 @@ int load_public_key(const char *filename, RSA *pub,
421int load_private_key(const char *filename, const char *passphrase, 361int load_private_key(const char *filename, const char *passphrase,
422 RSA *private_key, char **comment_return); 362 RSA *private_key, char **comment_return);
423 363
364/*------------ Definitions for logging. -----------------------*/
365
366/* Supported syslog facilities and levels. */
367typedef enum
368{
369 SYSLOG_FACILITY_DAEMON,
370 SYSLOG_FACILITY_USER,
371 SYSLOG_FACILITY_AUTH,
372 SYSLOG_FACILITY_LOCAL0,
373 SYSLOG_FACILITY_LOCAL1,
374 SYSLOG_FACILITY_LOCAL2,
375 SYSLOG_FACILITY_LOCAL3,
376 SYSLOG_FACILITY_LOCAL4,
377 SYSLOG_FACILITY_LOCAL5,
378 SYSLOG_FACILITY_LOCAL6,
379 SYSLOG_FACILITY_LOCAL7
380} SyslogFacility;
381
382typedef enum
383{
384 SYSLOG_LEVEL_QUIET,
385 SYSLOG_LEVEL_FATAL,
386 SYSLOG_LEVEL_ERROR,
387 SYSLOG_LEVEL_INFO,
388 SYSLOG_LEVEL_CHAT,
389 SYSLOG_LEVEL_DEBUG
390} LogLevel;
391
392/* Initializes logging. */
393void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
394
395/* Logging implementation, depending on server or client */
396void do_log(LogLevel level, const char *fmt, va_list args);
397
398/* Output a message to syslog or stderr */
399void fatal(const char *fmt, ...);
400void error(const char *fmt, ...);
401void log(const char *fmt, ...);
402void chat(const char *fmt, ...);
403void debug(const char *fmt, ...);
404
405/* same as fatal() but w/o logging */
406void fatal_cleanup(void);
407
408/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting.
409 It is permissible to call fatal_remove_cleanup for the function itself
410 from the function. */
411void fatal_add_cleanup(void (*proc)(void *context), void *context);
412
413/* Removes a cleanup function to be called at fatal(). */
414void fatal_remove_cleanup(void (*proc)(void *context), void *context);
415
424/*---------------- definitions for channels ------------------*/ 416/*---------------- definitions for channels ------------------*/
425 417
426/* Sets specific protocol options. */ 418/* Sets specific protocol options. */
diff --git a/sshconnect.c b/sshconnect.c
index a16e25a8d..80e4aff4a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -16,7 +16,7 @@ login (authentication) dialog.
16 16
17#include "config.h" 17#include "config.h"
18#include "includes.h" 18#include "includes.h"
19RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $"); 19RCSID("$Id: sshconnect.c,v 1.6 1999/11/12 04:19:27 damien Exp $");
20 20
21#ifdef HAVE_OPENSSL 21#ifdef HAVE_OPENSSL
22#include <openssl/bn.h> 22#include <openssl/bn.h>
@@ -36,7 +36,7 @@ RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
36#include "mpaux.h" 36#include "mpaux.h"
37#include "uidswap.h" 37#include "uidswap.h"
38#include "compat.h" 38#include "compat.h"
39 39#include "readconf.h"
40 40
41/* Session id for the current session. */ 41/* Session id for the current session. */
42unsigned char session_id[16]; 42unsigned char session_id[16];
@@ -486,9 +486,9 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
486 the user using it. */ 486 the user using it. */
487 487
488int 488int
489try_rsa_authentication(struct passwd *pw, const char *authfile, 489try_rsa_authentication(struct passwd *pw, const char *authfile)
490 int may_ask_passphrase)
491{ 490{
491 extern Options options;
492 BIGNUM *challenge; 492 BIGNUM *challenge;
493 RSA *private_key; 493 RSA *private_key;
494 RSA *public_key; 494 RSA *public_key;
@@ -550,7 +550,7 @@ try_rsa_authentication(struct passwd *pw, const char *authfile,
550 return. */ 550 return. */
551 snprintf(buf, sizeof buf, 551 snprintf(buf, sizeof buf,
552 "Enter passphrase for RSA key '%.100s': ", comment); 552 "Enter passphrase for RSA key '%.100s': ", comment);
553 if (may_ask_passphrase) 553 if (!options.batch_mode)
554 passphrase = read_passphrase(buf, 0); 554 passphrase = read_passphrase(buf, 0);
555 else 555 else
556 { 556 {
@@ -1014,8 +1014,9 @@ void ssh_login(int host_key_valid,
1014 RSA *own_host_key, 1014 RSA *own_host_key,
1015 const char *orighost, 1015 const char *orighost,
1016 struct sockaddr_in *hostaddr, 1016 struct sockaddr_in *hostaddr,
1017 Options *options, uid_t original_real_uid) 1017 uid_t original_real_uid)
1018{ 1018{
1019 extern Options options;
1019 int i, type; 1020 int i, type;
1020 char *password; 1021 char *password;
1021 struct passwd *pw; 1022 struct passwd *pw;
@@ -1035,7 +1036,7 @@ void ssh_login(int host_key_valid,
1035 int payload_len, clen, sum_len = 0; 1036 int payload_len, clen, sum_len = 0;
1036 u_int32_t rand = 0; 1037 u_int32_t rand = 0;
1037 1038
1038 if (options->check_host_ip) 1039 if (options.check_host_ip)
1039 ip = xstrdup(inet_ntoa(hostaddr->sin_addr)); 1040 ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
1040 1041
1041 /* Convert the user-supplied hostname into all lowercase. */ 1042 /* Convert the user-supplied hostname into all lowercase. */
@@ -1056,7 +1057,7 @@ void ssh_login(int host_key_valid,
1056 if (!pw) 1057 if (!pw)
1057 fatal("User id %d not found from user database.", original_real_uid); 1058 fatal("User id %d not found from user database.", original_real_uid);
1058 local_user = xstrdup(pw->pw_name); 1059 local_user = xstrdup(pw->pw_name);
1059 server_user = options->user ? options->user : local_user; 1060 server_user = options.user ? options.user : local_user;
1060 1061
1061 debug("Waiting for server public key."); 1062 debug("Waiting for server public key.");
1062 1063
@@ -1132,12 +1133,12 @@ void ssh_login(int host_key_valid,
1132 1133
1133 /* Check if the host key is present in the user\'s list of known hosts 1134 /* Check if the host key is present in the user\'s list of known hosts
1134 or in the systemwide list. */ 1135 or in the systemwide list. */
1135 host_status = check_host_in_hostfile(options->user_hostfile, 1136 host_status = check_host_in_hostfile(options.user_hostfile,
1136 host, BN_num_bits(host_key->n), 1137 host, BN_num_bits(host_key->n),
1137 host_key->e, host_key->n, 1138 host_key->e, host_key->n,
1138 file_key->e, file_key->n); 1139 file_key->e, file_key->n);
1139 if (host_status == HOST_NEW) 1140 if (host_status == HOST_NEW)
1140 host_status = check_host_in_hostfile(options->system_hostfile, host, 1141 host_status = check_host_in_hostfile(options.system_hostfile, host,
1141 BN_num_bits(host_key->n), 1142 BN_num_bits(host_key->n),
1142 host_key->e, host_key->n, 1143 host_key->e, host_key->n,
1143 file_key->e, file_key->n); 1144 file_key->e, file_key->n);
@@ -1154,17 +1155,17 @@ void ssh_login(int host_key_valid,
1154 1155
1155 /* Also perform check for the ip address, skip the check if we are 1156 /* Also perform check for the ip address, skip the check if we are
1156 localhost or the hostname was an ip address to begin with */ 1157 localhost or the hostname was an ip address to begin with */
1157 if (options->check_host_ip && !local && strcmp(host, ip)) { 1158 if (options.check_host_ip && !local && strcmp(host, ip)) {
1158 RSA *ip_key = RSA_new(); 1159 RSA *ip_key = RSA_new();
1159 ip_key->n = BN_new(); 1160 ip_key->n = BN_new();
1160 ip_key->e = BN_new(); 1161 ip_key->e = BN_new();
1161 ip_status = check_host_in_hostfile(options->user_hostfile, ip, 1162 ip_status = check_host_in_hostfile(options.user_hostfile, ip,
1162 BN_num_bits(host_key->n), 1163 BN_num_bits(host_key->n),
1163 host_key->e, host_key->n, 1164 host_key->e, host_key->n,
1164 ip_key->e, ip_key->n); 1165 ip_key->e, ip_key->n);
1165 1166
1166 if (ip_status == HOST_NEW) 1167 if (ip_status == HOST_NEW)
1167 ip_status = check_host_in_hostfile(options->system_hostfile, ip, 1168 ip_status = check_host_in_hostfile(options.system_hostfile, ip,
1168 BN_num_bits(host_key->n), 1169 BN_num_bits(host_key->n),
1169 host_key->e, host_key->n, 1170 host_key->e, host_key->n,
1170 ip_key->e, ip_key->n); 1171 ip_key->e, ip_key->n);
@@ -1183,13 +1184,13 @@ void ssh_login(int host_key_valid,
1183 case HOST_OK: 1184 case HOST_OK:
1184 /* The host is known and the key matches. */ 1185 /* The host is known and the key matches. */
1185 debug("Host '%.200s' is known and matches the host key.", host); 1186 debug("Host '%.200s' is known and matches the host key.", host);
1186 if (options->check_host_ip) { 1187 if (options.check_host_ip) {
1187 if (ip_status == HOST_NEW) { 1188 if (ip_status == HOST_NEW) {
1188 if (!add_host_to_hostfile(options->user_hostfile, ip, 1189 if (!add_host_to_hostfile(options.user_hostfile, ip,
1189 BN_num_bits(host_key->n), 1190 BN_num_bits(host_key->n),
1190 host_key->e, host_key->n)) 1191 host_key->e, host_key->n))
1191 log("Failed to add the host ip to the list of known hosts (%.30s).", 1192 log("Failed to add the host ip to the list of known hosts (%.30s).",
1192 options->user_hostfile); 1193 options.user_hostfile);
1193 else 1194 else
1194 log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip); 1195 log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
1195 } else if (ip_status != HOST_OK) 1196 } else if (ip_status != HOST_OK)
@@ -1201,12 +1202,12 @@ void ssh_login(int host_key_valid,
1201 { 1202 {
1202 char hostline[1000], *hostp = hostline; 1203 char hostline[1000], *hostp = hostline;
1203 /* The host is new. */ 1204 /* The host is new. */
1204 if (options->strict_host_key_checking == 1) { 1205 if (options.strict_host_key_checking == 1) {
1205 /* User has requested strict host key checking. We will not 1206 /* User has requested strict host key checking. We will not
1206 add the host key automatically. The only alternative left 1207 add the host key automatically. The only alternative left
1207 is to abort. */ 1208 is to abort. */
1208 fatal("No host key is known for %.200s and you have requested strict checking.", host); 1209 fatal("No host key is known for %.200s and you have requested strict checking.", host);
1209 } else if (options->strict_host_key_checking == 2) { /* The default */ 1210 } else if (options.strict_host_key_checking == 2) { /* The default */
1210 char prompt[1024]; 1211 char prompt[1024];
1211 snprintf(prompt, sizeof(prompt), 1212 snprintf(prompt, sizeof(prompt),
1212 "The authenticity of host '%.200s' can't be established.\n" 1213 "The authenticity of host '%.200s' can't be established.\n"
@@ -1216,25 +1217,25 @@ void ssh_login(int host_key_valid,
1216 fatal("Aborted by user!\n"); 1217 fatal("Aborted by user!\n");
1217 } 1218 }
1218 1219
1219 if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) 1220 if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
1220 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); 1221 snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
1221 else 1222 else
1222 hostp = host; 1223 hostp = host;
1223 1224
1224 /* If not in strict mode, add the key automatically to the local 1225 /* If not in strict mode, add the key automatically to the local
1225 known_hosts file. */ 1226 known_hosts file. */
1226 if (!add_host_to_hostfile(options->user_hostfile, hostp, 1227 if (!add_host_to_hostfile(options.user_hostfile, hostp,
1227 BN_num_bits(host_key->n), 1228 BN_num_bits(host_key->n),
1228 host_key->e, host_key->n)) 1229 host_key->e, host_key->n))
1229 log("Failed to add the host to the list of known hosts (%.500s).", 1230 log("Failed to add the host to the list of known hosts (%.500s).",
1230 options->user_hostfile); 1231 options.user_hostfile);
1231 else 1232 else
1232 log("Warning: Permanently added '%.200s' to the list of known hosts.", 1233 log("Warning: Permanently added '%.200s' to the list of known hosts.",
1233 hostp); 1234 hostp);
1234 break; 1235 break;
1235 } 1236 }
1236 case HOST_CHANGED: 1237 case HOST_CHANGED:
1237 if (options->check_host_ip) { 1238 if (options.check_host_ip) {
1238 if (host_ip_differ) { 1239 if (host_ip_differ) {
1239 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 1240 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1240 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); 1241 error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
@@ -1256,23 +1257,23 @@ void ssh_login(int host_key_valid,
1256 error("It is also possible that the host key has just been changed."); 1257 error("It is also possible that the host key has just been changed.");
1257 error("Please contact your system administrator."); 1258 error("Please contact your system administrator.");
1258 error("Add correct host key in %.100s to get rid of this message.", 1259 error("Add correct host key in %.100s to get rid of this message.",
1259 options->user_hostfile); 1260 options.user_hostfile);
1260 1261
1261 /* If strict host key checking is in use, the user will have to edit 1262 /* If strict host key checking is in use, the user will have to edit
1262 the key manually and we can only abort. */ 1263 the key manually and we can only abort. */
1263 if (options->strict_host_key_checking) 1264 if (options.strict_host_key_checking)
1264 fatal("Host key for %.200s has changed and you have requested strict checking.", host); 1265 fatal("Host key for %.200s has changed and you have requested strict checking.", host);
1265 1266
1266 /* If strict host key checking has not been requested, allow the 1267 /* If strict host key checking has not been requested, allow the
1267 connection but without password authentication or 1268 connection but without password authentication or
1268 agent forwarding. */ 1269 agent forwarding. */
1269 if (options->password_authentication) { 1270 if (options.password_authentication) {
1270 error("Password authentication is disabled to avoid trojan horses."); 1271 error("Password authentication is disabled to avoid trojan horses.");
1271 options->password_authentication = 0; 1272 options.password_authentication = 0;
1272 } 1273 }
1273 if (options->forward_agent) { 1274 if (options.forward_agent) {
1274 error("Agent forwarding is disabled to avoid trojan horses."); 1275 error("Agent forwarding is disabled to avoid trojan horses.");
1275 options->forward_agent = 0; 1276 options.forward_agent = 0;
1276 } 1277 }
1277 /* XXX Should permit the user to change to use the new id. This could 1278 /* XXX Should permit the user to change to use the new id. This could
1278 be done by converting the host key to an identifying sentence, tell 1279 be done by converting the host key to an identifying sentence, tell
@@ -1281,7 +1282,7 @@ void ssh_login(int host_key_valid,
1281 break; 1282 break;
1282 } 1283 }
1283 1284
1284 if (options->check_host_ip) 1285 if (options.check_host_ip)
1285 xfree(ip); 1286 xfree(ip);
1286 1287
1287 /* Generate a session key. */ 1288 /* Generate a session key. */
@@ -1344,27 +1345,27 @@ void ssh_login(int host_key_valid,
1344 rsa_public_encrypt(key, key, public_key); 1345 rsa_public_encrypt(key, key, public_key);
1345 } 1346 }
1346 1347
1347 if (options->cipher == SSH_CIPHER_NOT_SET) { 1348 if (options.cipher == SSH_CIPHER_NOT_SET) {
1348 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default)) 1349 if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
1349 options->cipher = ssh_cipher_default; 1350 options.cipher = ssh_cipher_default;
1350 else { 1351 else {
1351 debug("Cipher %d not supported, using %.100s instead.", 1352 debug("Cipher %d not supported, using %.100s instead.",
1352 cipher_name(ssh_cipher_default), 1353 cipher_name(ssh_cipher_default),
1353 cipher_name(SSH_FALLBACK_CIPHER)); 1354 cipher_name(SSH_FALLBACK_CIPHER));
1354 options->cipher = SSH_FALLBACK_CIPHER; 1355 options.cipher = SSH_FALLBACK_CIPHER;
1355 } 1356 }
1356 } 1357 }
1357 1358
1358 /* Check that the selected cipher is supported. */ 1359 /* Check that the selected cipher is supported. */
1359 if (!(supported_ciphers & (1 << options->cipher))) 1360 if (!(supported_ciphers & (1 << options.cipher)))
1360 fatal("Selected cipher type %.100s not supported by server.", 1361 fatal("Selected cipher type %.100s not supported by server.",
1361 cipher_name(options->cipher)); 1362 cipher_name(options.cipher));
1362 1363
1363 debug("Encryption type: %.100s", cipher_name(options->cipher)); 1364 debug("Encryption type: %.100s", cipher_name(options.cipher));
1364 1365
1365 /* Send the encrypted session key to the server. */ 1366 /* Send the encrypted session key to the server. */
1366 packet_start(SSH_CMSG_SESSION_KEY); 1367 packet_start(SSH_CMSG_SESSION_KEY);
1367 packet_put_char(options->cipher); 1368 packet_put_char(options.cipher);
1368 1369
1369 /* Send the check bytes back to the server. */ 1370 /* Send the check bytes back to the server. */
1370 for (i = 0; i < 8; i++) 1371 for (i = 0; i < 8; i++)
@@ -1390,7 +1391,7 @@ void ssh_login(int host_key_valid,
1390 1391
1391 /* Set the encryption key. */ 1392 /* Set the encryption key. */
1392 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, 1393 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
1393 options->cipher, 1); 1394 options.cipher, 1);
1394 1395
1395 /* We will no longer need the session key here. Destroy any extra copies. */ 1396 /* We will no longer need the session key here. Destroy any extra copies. */
1396 memset(session_key, 0, sizeof(session_key)); 1397 memset(session_key, 0, sizeof(session_key));
@@ -1420,17 +1421,17 @@ void ssh_login(int host_key_valid,
1420#ifdef AFS 1421#ifdef AFS
1421 /* Try Kerberos tgt passing if the server supports it. */ 1422 /* Try Kerberos tgt passing if the server supports it. */
1422 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && 1423 if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
1423 options->kerberos_tgt_passing) 1424 options.kerberos_tgt_passing)
1424 { 1425 {
1425 if (options->cipher == SSH_CIPHER_NONE) 1426 if (options.cipher == SSH_CIPHER_NONE)
1426 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); 1427 log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
1427 (void)send_kerberos_tgt(); 1428 (void)send_kerberos_tgt();
1428 } 1429 }
1429 1430
1430 /* Try AFS token passing if the server supports it. */ 1431 /* Try AFS token passing if the server supports it. */
1431 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && 1432 if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
1432 options->afs_token_passing && k_hasafs()) { 1433 options.afs_token_passing && k_hasafs()) {
1433 if (options->cipher == SSH_CIPHER_NONE) 1434 if (options.cipher == SSH_CIPHER_NONE)
1434 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); 1435 log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
1435 send_afs_tokens(); 1436 send_afs_tokens();
1436 } 1437 }
@@ -1438,7 +1439,7 @@ void ssh_login(int host_key_valid,
1438 1439
1439#ifdef KRB4 1440#ifdef KRB4
1440 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && 1441 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
1441 options->kerberos_authentication) 1442 options.kerberos_authentication)
1442 { 1443 {
1443 debug("Trying Kerberos authentication."); 1444 debug("Trying Kerberos authentication.");
1444 if (try_kerberos_authentication()) { 1445 if (try_kerberos_authentication()) {
@@ -1455,7 +1456,7 @@ void ssh_login(int host_key_valid,
1455 /* Use rhosts authentication if running in privileged socket and we do not 1456 /* Use rhosts authentication if running in privileged socket and we do not
1456 wish to remain anonymous. */ 1457 wish to remain anonymous. */
1457 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && 1458 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
1458 options->rhosts_authentication) 1459 options.rhosts_authentication)
1459 { 1460 {
1460 debug("Trying rhosts authentication."); 1461 debug("Trying rhosts authentication.");
1461 packet_start(SSH_CMSG_AUTH_RHOSTS); 1462 packet_start(SSH_CMSG_AUTH_RHOSTS);
@@ -1475,7 +1476,7 @@ void ssh_login(int host_key_valid,
1475 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host 1476 /* Try .rhosts or /etc/hosts.equiv authentication with RSA host
1476 authentication. */ 1477 authentication. */
1477 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && 1478 if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
1478 options->rhosts_rsa_authentication && host_key_valid) 1479 options.rhosts_rsa_authentication && host_key_valid)
1479 { 1480 {
1480 if (try_rhosts_rsa_authentication(local_user, own_host_key)) 1481 if (try_rhosts_rsa_authentication(local_user, own_host_key))
1481 return; /* Successful authentication. */ 1482 return; /* Successful authentication. */
@@ -1483,7 +1484,7 @@ void ssh_login(int host_key_valid,
1483 1484
1484 /* Try RSA authentication if the server supports it. */ 1485 /* Try RSA authentication if the server supports it. */
1485 if ((supported_authentications & (1 << SSH_AUTH_RSA)) && 1486 if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
1486 options->rsa_authentication) 1487 options.rsa_authentication)
1487 { 1488 {
1488 /* Try RSA authentication using the authentication agent. The agent 1489 /* Try RSA authentication using the authentication agent. The agent
1489 is tried first because no passphrase is needed for it, whereas 1490 is tried first because no passphrase is needed for it, whereas
@@ -1492,23 +1493,22 @@ void ssh_login(int host_key_valid,
1492 return; /* Successful connection. */ 1493 return; /* Successful connection. */
1493 1494
1494 /* Try RSA authentication for each identity. */ 1495 /* Try RSA authentication for each identity. */
1495 for (i = 0; i < options->num_identity_files; i++) 1496 for (i = 0; i < options.num_identity_files; i++)
1496 if (try_rsa_authentication(pw, options->identity_files[i], 1497 if (try_rsa_authentication(pw, options.identity_files[i]))
1497 !options->batch_mode))
1498 return; /* Successful connection. */ 1498 return; /* Successful connection. */
1499 } 1499 }
1500 1500
1501 /* Try password authentication if the server supports it. */ 1501 /* Try password authentication if the server supports it. */
1502 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && 1502 if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
1503 options->password_authentication && !options->batch_mode) 1503 options.password_authentication && !options.batch_mode)
1504 { 1504 {
1505 char prompt[80]; 1505 char prompt[80];
1506 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ", 1506 snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
1507 server_user, host); 1507 server_user, host);
1508 debug("Doing password authentication."); 1508 debug("Doing password authentication.");
1509 if (options->cipher == SSH_CIPHER_NONE) 1509 if (options.cipher == SSH_CIPHER_NONE)
1510 log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); 1510 log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
1511 for (i = 0; i < options->number_of_password_prompts; i++) { 1511 for (i = 0; i < options.number_of_password_prompts; i++) {
1512 if (i != 0) 1512 if (i != 0)
1513 error("Permission denied, please try again."); 1513 error("Permission denied, please try again.");
1514 password = read_passphrase(prompt, 0); 1514 password = read_passphrase(prompt, 0);
diff --git a/sshd.c b/sshd.c
index 7cc24cd1a..b975c8dcc 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
18*/ 18*/
19 19
20#include "includes.h" 20#include "includes.h"
21RCSID("$Id: sshd.c,v 1.16 1999/11/12 00:33:04 damien Exp $"); 21RCSID("$Id: sshd.c,v 1.17 1999/11/12 04:19:27 damien Exp $");
22 22
23#include "xmalloc.h" 23#include "xmalloc.h"
24#include "rsa.h" 24#include "rsa.h"
@@ -1343,8 +1343,7 @@ do_authentication(char *user, int privileged_port)
1343 } 1343 }
1344 1344
1345 /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ 1345 /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
1346 if (auth_rhosts(pw, client_user, options.ignore_rhosts, 1346 if (auth_rhosts(pw, client_user))
1347 options.strict_modes))
1348 { 1347 {
1349 /* Authentication accepted. */ 1348 /* Authentication accepted. */
1350 log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", 1349 log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.",
@@ -1431,7 +1430,7 @@ do_authentication(char *user, int privileged_port)
1431 1430
1432 packet_integrity_check(plen, nlen, type); 1431 packet_integrity_check(plen, nlen, type);
1433 1432
1434 if (auth_rsa(pw, n, options.strict_modes)) 1433 if (auth_rsa(pw, n))
1435 { 1434 {
1436 /* Successful authentication. */ 1435 /* Successful authentication. */
1437 BN_clear_free(n); 1436 BN_clear_free(n);