diff options
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | auth-rh-rsa.c | 4 | ||||
-rw-r--r-- | auth-rhosts.c | 13 | ||||
-rw-r--r-- | auth-rsa.c | 9 | ||||
-rw-r--r-- | channels.c | 3 | ||||
-rw-r--r-- | clientloop.c | 6 | ||||
-rw-r--r-- | mpaux.c | 3 | ||||
-rw-r--r-- | servconf.c | 16 | ||||
-rw-r--r-- | ssh-keygen.c | 4 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | ssh.h | 122 | ||||
-rw-r--r-- | sshconnect.c | 102 | ||||
-rw-r--r-- | sshd.c | 7 |
13 files changed, 159 insertions, 145 deletions
@@ -9,6 +9,17 @@ | |||
9 | - Released 1.2pre10 | 9 | - Released 1.2pre10 |
10 | 10 | ||
11 | - Added INSTALL documentation | 11 | - Added INSTALL documentation |
12 | - Merged yet more changes from OpenBSD CVS | ||
13 | - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c] | ||
14 | [ssh.c ssh.h sshconnect.c sshd.c] | ||
15 | make all access to options via 'extern Options options' | ||
16 | and 'extern ServerOptions options' respectively; | ||
17 | options are no longer passed as arguments: | ||
18 | * make options handling more consistent | ||
19 | * remove #include "readconf.h" from ssh.h | ||
20 | * readconf.h is only included if necessary | ||
21 | - [mpaux.c] clear temp buffer | ||
22 | - [servconf.c] print _all_ bad options found in configfile | ||
12 | 23 | ||
13 | 19991111 | 24 | 19991111 |
14 | - Added (untested) Entropy Gathering Daemon (EGD) support | 25 | - Added (untested) Entropy Gathering Daemon (EGD) support |
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index b6f1d6c73..fa855a1a8 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
@@ -15,7 +15,7 @@ authentication. | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $"); | 18 | RCSID("$Id: auth-rh-rsa.c,v 1.4 1999/11/12 04:19:27 damien Exp $"); |
19 | 19 | ||
20 | #include "packet.h" | 20 | #include "packet.h" |
21 | #include "ssh.h" | 21 | #include "ssh.h" |
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, | |||
38 | debug("Trying rhosts with RSA host authentication for %.100s", client_user); | 38 | debug("Trying rhosts with RSA host authentication for %.100s", client_user); |
39 | 39 | ||
40 | /* Check if we would accept it using rhosts authentication. */ | 40 | /* Check if we would accept it using rhosts authentication. */ |
41 | if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes)) | 41 | if (!auth_rhosts(pw, client_user)) |
42 | return 0; | 42 | return 0; |
43 | 43 | ||
44 | canonical_hostname = get_canonical_hostname(); | 44 | canonical_hostname = get_canonical_hostname(); |
diff --git a/auth-rhosts.c b/auth-rhosts.c index ebf2fcbc2..7e5614cb8 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
@@ -16,12 +16,13 @@ the login based on rhosts authentication. This file also processes | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: auth-rhosts.c,v 1.1 1999/10/27 03:42:43 damien Exp $"); | 19 | RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $"); |
20 | 20 | ||
21 | #include "packet.h" | 21 | #include "packet.h" |
22 | #include "ssh.h" | 22 | #include "ssh.h" |
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "uidswap.h" | 24 | #include "uidswap.h" |
25 | #include "servconf.h" | ||
25 | 26 | ||
26 | /* This function processes an rhosts-style file (.rhosts, .shosts, or | 27 | /* This function processes an rhosts-style file (.rhosts, .shosts, or |
27 | /etc/hosts.equiv). This returns true if authentication can be granted | 28 | /etc/hosts.equiv). This returns true if authentication can be granted |
@@ -155,9 +156,9 @@ int check_rhosts_file(const char *filename, const char *hostname, | |||
155 | true, only /etc/hosts.equiv will be considered (.rhosts and .shosts | 156 | true, only /etc/hosts.equiv will be considered (.rhosts and .shosts |
156 | are ignored). */ | 157 | are ignored). */ |
157 | 158 | ||
158 | int auth_rhosts(struct passwd *pw, const char *client_user, | 159 | int auth_rhosts(struct passwd *pw, const char *client_user) |
159 | int ignore_rhosts, int strict_modes) | ||
160 | { | 160 | { |
161 | extern ServerOptions options; | ||
161 | char buf[1024]; | 162 | char buf[1024]; |
162 | const char *hostname, *ipaddr; | 163 | const char *hostname, *ipaddr; |
163 | int port; | 164 | int port; |
@@ -234,7 +235,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user, | |||
234 | pw->pw_name, pw->pw_dir); | 235 | pw->pw_name, pw->pw_dir); |
235 | return 0; | 236 | return 0; |
236 | } | 237 | } |
237 | if (strict_modes && | 238 | if (options.strict_modes && |
238 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | 239 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
239 | (st.st_mode & 022) != 0)) | 240 | (st.st_mode & 022) != 0)) |
240 | { | 241 | { |
@@ -261,7 +262,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user, | |||
261 | and make sure it is not writable by anyone but the owner. This is | 262 | and make sure it is not writable by anyone but the owner. This is |
262 | to help avoid novices accidentally allowing access to their account | 263 | to help avoid novices accidentally allowing access to their account |
263 | by anyone. */ | 264 | by anyone. */ |
264 | if (strict_modes && | 265 | if (options.strict_modes && |
265 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | 266 | ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || |
266 | (st.st_mode & 022) != 0)) | 267 | (st.st_mode & 022) != 0)) |
267 | { | 268 | { |
@@ -273,7 +274,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user, | |||
273 | 274 | ||
274 | /* Check if we have been configured to ignore .rhosts and .shosts | 275 | /* Check if we have been configured to ignore .rhosts and .shosts |
275 | files. */ | 276 | files. */ |
276 | if (ignore_rhosts) | 277 | if (options.ignore_rhosts) |
277 | { | 278 | { |
278 | packet_send_debug("Server has been configured to ignore %.100s.", | 279 | packet_send_debug("Server has been configured to ignore %.100s.", |
279 | rhosts_files[rhosts_file_index]); | 280 | rhosts_files[rhosts_file_index]); |
diff --git a/auth-rsa.c b/auth-rsa.c index dc1ad81a2..6968df58c 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -17,7 +17,7 @@ validity of the host key. | |||
17 | 17 | ||
18 | #include "config.h" | 18 | #include "config.h" |
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); | 20 | RCSID("$Id: auth-rsa.c,v 1.5 1999/11/12 04:19:27 damien Exp $"); |
21 | 21 | ||
22 | #include "rsa.h" | 22 | #include "rsa.h" |
23 | #include "packet.h" | 23 | #include "packet.h" |
@@ -25,6 +25,7 @@ RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); | |||
25 | #include "ssh.h" | 25 | #include "ssh.h" |
26 | #include "mpaux.h" | 26 | #include "mpaux.h" |
27 | #include "uidswap.h" | 27 | #include "uidswap.h" |
28 | #include "servconf.h" | ||
28 | 29 | ||
29 | #ifdef HAVE_OPENSSL | 30 | #ifdef HAVE_OPENSSL |
30 | #include <openssl/rsa.h> | 31 | #include <openssl/rsa.h> |
@@ -100,7 +101,6 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n) | |||
100 | len = BN_num_bytes(challenge); | 101 | len = BN_num_bytes(challenge); |
101 | if (len <= 0 || len > 32) | 102 | if (len <= 0 || len > 32) |
102 | fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); | 103 | fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); |
103 | |||
104 | memset(buf, 0, 32); | 104 | memset(buf, 0, 32); |
105 | BN_bn2bin(challenge, buf + 32 - len); | 105 | BN_bn2bin(challenge, buf + 32 - len); |
106 | MD5_Init(&md); | 106 | MD5_Init(&md); |
@@ -136,8 +136,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n) | |||
136 | successful. This may exit if there is a serious protocol violation. */ | 136 | successful. This may exit if there is a serious protocol violation. */ |
137 | 137 | ||
138 | int | 138 | int |
139 | auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes) | 139 | auth_rsa(struct passwd *pw, BIGNUM *client_n) |
140 | { | 140 | { |
141 | extern ServerOptions options; | ||
141 | char line[8192]; | 142 | char line[8192]; |
142 | int authenticated; | 143 | int authenticated; |
143 | unsigned int bits; | 144 | unsigned int bits; |
@@ -172,7 +173,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes) | |||
172 | return 0; | 173 | return 0; |
173 | } | 174 | } |
174 | 175 | ||
175 | if (strict_modes) { | 176 | if (options.strict_modes) { |
176 | int fail=0; | 177 | int fail=0; |
177 | char buf[1024]; | 178 | char buf[1024]; |
178 | /* Check open file in order to avoid open/stat races */ | 179 | /* Check open file in order to avoid open/stat races */ |
diff --git a/channels.c b/channels.c index 032e8f2af..c5ec1fc87 100644 --- a/channels.c +++ b/channels.c | |||
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection. | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); | 19 | RCSID("$Id: channels.c,v 1.5 1999/11/12 04:19:27 damien Exp $"); |
20 | 20 | ||
21 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | #include "packet.h" | 22 | #include "packet.h" |
@@ -24,6 +24,7 @@ RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $"); | |||
24 | #include "buffer.h" | 24 | #include "buffer.h" |
25 | #include "authfd.h" | 25 | #include "authfd.h" |
26 | #include "uidswap.h" | 26 | #include "uidswap.h" |
27 | #include "readconf.h" | ||
27 | #include "servconf.h" | 28 | #include "servconf.h" |
28 | 29 | ||
29 | #include "channels.h" | 30 | #include "channels.h" |
diff --git a/clientloop.c b/clientloop.c index a236ce9b2..410dc54de 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -15,7 +15,7 @@ The main loop for the interactive session (client side). | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $"); | 18 | RCSID("$Id: clientloop.c,v 1.3 1999/11/12 04:19:27 damien Exp $"); |
19 | 19 | ||
20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
21 | #include "ssh.h" | 21 | #include "ssh.h" |
@@ -24,9 +24,6 @@ RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $"); | |||
24 | #include "authfd.h" | 24 | #include "authfd.h" |
25 | #include "readconf.h" | 25 | #include "readconf.h" |
26 | 26 | ||
27 | /* Flag indicating whether quiet mode is on. */ | ||
28 | extern Options options; | ||
29 | |||
30 | /* Flag indicating that stdin should be redirected from /dev/null. */ | 27 | /* Flag indicating that stdin should be redirected from /dev/null. */ |
31 | extern int stdin_null_flag; | 28 | extern int stdin_null_flag; |
32 | 29 | ||
@@ -764,6 +761,7 @@ void client_process_output(fd_set *writeset) | |||
764 | 761 | ||
765 | int client_loop(int have_pty, int escape_char_arg) | 762 | int client_loop(int have_pty, int escape_char_arg) |
766 | { | 763 | { |
764 | extern Options options; | ||
767 | double start_time, total_time; | 765 | double start_time, total_time; |
768 | int len; | 766 | int len; |
769 | char buf[100]; | 767 | char buf[100]; |
@@ -16,7 +16,7 @@ precision integers. | |||
16 | 16 | ||
17 | #include "config.h" | 17 | #include "config.h" |
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: mpaux.c,v 1.3 1999/10/28 05:23:30 damien Exp $"); | 19 | RCSID("$Id: mpaux.c,v 1.4 1999/11/12 04:19:27 damien Exp $"); |
20 | 20 | ||
21 | #ifdef HAVE_OPENSSL | 21 | #ifdef HAVE_OPENSSL |
22 | #include <openssl/bn.h> | 22 | #include <openssl/bn.h> |
@@ -50,5 +50,6 @@ compute_session_id(unsigned char session_id[16], | |||
50 | MD5_Init(&md); | 50 | MD5_Init(&md); |
51 | MD5_Update(&md, buf, bytes); | 51 | MD5_Update(&md, buf, bytes); |
52 | MD5_Final(session_id, &md); | 52 | MD5_Final(session_id, &md); |
53 | memset(buf, 0, bytes); | ||
53 | xfree(buf); | 54 | xfree(buf); |
54 | } | 55 | } |
diff --git a/servconf.c b/servconf.c index b1e52638c..f6d063989 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$Id: servconf.c,v 1.3 1999/11/12 00:33:04 damien Exp $"); | 15 | RCSID("$Id: servconf.c,v 1.4 1999/11/12 04:19:27 damien Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "servconf.h" | 18 | #include "servconf.h" |
@@ -144,6 +144,7 @@ void fill_default_server_options(ServerOptions *options) | |||
144 | /* Keyword tokens. */ | 144 | /* Keyword tokens. */ |
145 | typedef enum | 145 | typedef enum |
146 | { | 146 | { |
147 | sBadOption, /* == unknown option */ | ||
147 | sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, | 148 | sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
148 | sPermitRootLogin, sLogFacility, sLogLevel, | 149 | sPermitRootLogin, sLogFacility, sLogLevel, |
149 | sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, | 150 | sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, |
@@ -260,9 +261,9 @@ static ServerOpCodes parse_token(const char *cp, const char *filename, | |||
260 | if (strcmp(cp, keywords[i].name) == 0) | 261 | if (strcmp(cp, keywords[i].name) == 0) |
261 | return keywords[i].opcode; | 262 | return keywords[i].opcode; |
262 | 263 | ||
263 | fprintf(stderr, "%s line %d: Bad configuration option: %s\n", | 264 | fprintf(stderr, "%s: line %d: Bad configuration option: %s\n", |
264 | filename, linenum, cp); | 265 | filename, linenum, cp); |
265 | exit(1); | 266 | return sBadOption; |
266 | } | 267 | } |
267 | 268 | ||
268 | /* Reads the server configuration file. */ | 269 | /* Reads the server configuration file. */ |
@@ -273,6 +274,7 @@ void read_server_config(ServerOptions *options, const char *filename) | |||
273 | char line[1024]; | 274 | char line[1024]; |
274 | char *cp, **charptr; | 275 | char *cp, **charptr; |
275 | int linenum, *intptr, i, value; | 276 | int linenum, *intptr, i, value; |
277 | int bad_options = 0; | ||
276 | ServerOpCodes opcode; | 278 | ServerOpCodes opcode; |
277 | 279 | ||
278 | f = fopen(filename, "r"); | 280 | f = fopen(filename, "r"); |
@@ -300,6 +302,9 @@ void read_server_config(ServerOptions *options, const char *filename) | |||
300 | opcode = parse_token(cp, filename, linenum); | 302 | opcode = parse_token(cp, filename, linenum); |
301 | switch (opcode) | 303 | switch (opcode) |
302 | { | 304 | { |
305 | case sBadOption: | ||
306 | bad_options++; | ||
307 | continue; | ||
303 | case sPort: | 308 | case sPort: |
304 | intptr = &options->port; | 309 | intptr = &options->port; |
305 | parse_int: | 310 | parse_int: |
@@ -596,4 +601,9 @@ void read_server_config(ServerOptions *options, const char *filename) | |||
596 | } | 601 | } |
597 | } | 602 | } |
598 | fclose(f); | 603 | fclose(f); |
604 | if (bad_options > 0) { | ||
605 | fprintf(stderr, "%s: terminating, %d bad configuration options\n", | ||
606 | filename, bad_options); | ||
607 | exit(1); | ||
608 | } | ||
599 | } | 609 | } |
diff --git a/ssh-keygen.c b/ssh-keygen.c index e2cb48fd9..4d950aee8 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -14,7 +14,7 @@ Identity and host key generation and maintenance. | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: ssh-keygen.c,v 1.2 1999/11/08 04:30:59 damien Exp $"); | 17 | RCSID("$Id: ssh-keygen.c,v 1.3 1999/11/12 04:19:27 damien Exp $"); |
18 | 18 | ||
19 | #include "rsa.h" | 19 | #include "rsa.h" |
20 | #include "ssh.h" | 20 | #include "ssh.h" |
@@ -117,7 +117,7 @@ do_change_passphrase(struct passwd *pw) | |||
117 | xfree(old_passphrase); | 117 | xfree(old_passphrase); |
118 | } | 118 | } |
119 | printf("Key has comment '%s'\n", comment); | 119 | printf("Key has comment '%s'\n", comment); |
120 | 120 | ||
121 | /* Ask the new passphrase (twice). */ | 121 | /* Ask the new passphrase (twice). */ |
122 | if (identity_new_passphrase) | 122 | if (identity_new_passphrase) |
123 | { | 123 | { |
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: ssh.c,v 1.5 1999/11/11 06:57:40 damien Exp $"); | 21 | RCSID("$Id: ssh.c,v 1.6 1999/11/12 04:19:27 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "ssh.h" | 24 | #include "ssh.h" |
@@ -590,7 +590,7 @@ main(int ac, char **av) | |||
590 | 590 | ||
591 | /* Log into the remote system. This never returns if the login fails. */ | 591 | /* Log into the remote system. This never returns if the login fails. */ |
592 | ssh_login(host_private_key_loaded, host_private_key, | 592 | ssh_login(host_private_key_loaded, host_private_key, |
593 | host, &hostaddr, &options, original_real_uid); | 593 | host, &hostaddr, original_real_uid); |
594 | 594 | ||
595 | /* We no longer need the host private key. Clear it now. */ | 595 | /* We no longer need the host private key. Clear it now. */ |
596 | if (host_private_key_loaded) | 596 | if (host_private_key_loaded) |
@@ -13,7 +13,7 @@ Generic header file for ssh. | |||
13 | 13 | ||
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: ssh.h,v 1.11 1999/11/12 00:33:04 damien Exp $"); */ | 16 | /* RCSID("$Id: ssh.h,v 1.12 1999/11/12 04:19:27 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef SSH_H | 18 | #ifndef SSH_H |
19 | #define SSH_H | 19 | #define SSH_H |
@@ -221,60 +221,6 @@ only by root, whereas ssh_config should be world-readable. */ | |||
221 | #define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */ | 221 | #define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */ |
222 | #define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ | 222 | #define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ |
223 | 223 | ||
224 | |||
225 | /*------------ Definitions for logging. -----------------------*/ | ||
226 | |||
227 | /* Supported syslog facilities and levels. */ | ||
228 | typedef enum | ||
229 | { | ||
230 | SYSLOG_FACILITY_DAEMON, | ||
231 | SYSLOG_FACILITY_USER, | ||
232 | SYSLOG_FACILITY_AUTH, | ||
233 | SYSLOG_FACILITY_LOCAL0, | ||
234 | SYSLOG_FACILITY_LOCAL1, | ||
235 | SYSLOG_FACILITY_LOCAL2, | ||
236 | SYSLOG_FACILITY_LOCAL3, | ||
237 | SYSLOG_FACILITY_LOCAL4, | ||
238 | SYSLOG_FACILITY_LOCAL5, | ||
239 | SYSLOG_FACILITY_LOCAL6, | ||
240 | SYSLOG_FACILITY_LOCAL7 | ||
241 | } SyslogFacility; | ||
242 | |||
243 | typedef enum | ||
244 | { | ||
245 | SYSLOG_LEVEL_QUIET, | ||
246 | SYSLOG_LEVEL_FATAL, | ||
247 | SYSLOG_LEVEL_ERROR, | ||
248 | SYSLOG_LEVEL_INFO, | ||
249 | SYSLOG_LEVEL_CHAT, | ||
250 | SYSLOG_LEVEL_DEBUG | ||
251 | } LogLevel; | ||
252 | |||
253 | /* Initializes logging. */ | ||
254 | void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr); | ||
255 | |||
256 | /* Logging implementation, depending on server or client */ | ||
257 | void do_log(LogLevel level, const char *fmt, va_list args); | ||
258 | |||
259 | /* Output a message to syslog or stderr */ | ||
260 | void fatal(const char *fmt, ...); | ||
261 | void error(const char *fmt, ...); | ||
262 | void log(const char *fmt, ...); | ||
263 | void chat(const char *fmt, ...); | ||
264 | void debug(const char *fmt, ...); | ||
265 | |||
266 | /* same as fatal() but w/o logging */ | ||
267 | void fatal_cleanup(void); | ||
268 | |||
269 | /* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting. | ||
270 | It is permissible to call fatal_remove_cleanup for the function itself | ||
271 | from the function. */ | ||
272 | void fatal_add_cleanup(void (*proc)(void *context), void *context); | ||
273 | |||
274 | /* Removes a cleanup function to be called at fatal(). */ | ||
275 | void fatal_remove_cleanup(void (*proc)(void *context), void *context); | ||
276 | |||
277 | |||
278 | /*------------ definitions for login.c -------------*/ | 224 | /*------------ definitions for login.c -------------*/ |
279 | 225 | ||
280 | /* Returns the time when the user last logged in. Returns 0 if the | 226 | /* Returns the time when the user last logged in. Returns 0 if the |
@@ -314,21 +260,15 @@ int ssh_connect(const char *host, struct sockaddr_in *hostaddr, | |||
314 | This initializes the random state, and leaves it initialized (it will also | 260 | This initializes the random state, and leaves it initialized (it will also |
315 | have references from the packet module). */ | 261 | have references from the packet module). */ |
316 | 262 | ||
317 | /* for Options */ | ||
318 | #include "readconf.h" | ||
319 | |||
320 | void ssh_login(int host_key_valid, RSA *host_key, const char *host, | 263 | void ssh_login(int host_key_valid, RSA *host_key, const char *host, |
321 | struct sockaddr_in *hostaddr, Options *options, | 264 | struct sockaddr_in *hostaddr, uid_t original_real_uid); |
322 | uid_t original_real_uid); | ||
323 | 265 | ||
324 | /*------------ Definitions for various authentication methods. -------*/ | 266 | /*------------ Definitions for various authentication methods. -------*/ |
325 | 267 | ||
326 | /* Tries to authenticate the user using the .rhosts file. Returns true if | 268 | /* Tries to authenticate the user using the .rhosts file. Returns true if |
327 | authentication succeeds. If ignore_rhosts is non-zero, this will not | 269 | authentication succeeds. If ignore_rhosts is non-zero, this will not |
328 | consider .rhosts and .shosts (/etc/hosts.equiv will still be used). | 270 | consider .rhosts and .shosts (/etc/hosts.equiv will still be used). */ |
329 | If strict_modes is true, checks ownership and modes of .rhosts/.shosts. */ | 271 | int auth_rhosts(struct passwd *pw, const char *client_user); |
330 | int auth_rhosts(struct passwd *pw, const char *client_user, | ||
331 | int ignore_rhosts, int strict_modes); | ||
332 | 272 | ||
333 | /* Tries to authenticate the user using the .rhosts file and the host using | 273 | /* Tries to authenticate the user using the .rhosts file and the host using |
334 | its host key. Returns true if authentication succeeds. */ | 274 | its host key. Returns true if authentication succeeds. */ |
@@ -343,7 +283,7 @@ int auth_password(struct passwd *pw, const char *password); | |||
343 | /* Performs the RSA authentication dialog with the client. This returns | 283 | /* Performs the RSA authentication dialog with the client. This returns |
344 | 0 if the client could not be authenticated, and 1 if authentication was | 284 | 0 if the client could not be authenticated, and 1 if authentication was |
345 | successful. This may exit if there is a serious protocol violation. */ | 285 | successful. This may exit if there is a serious protocol violation. */ |
346 | int auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes); | 286 | int auth_rsa(struct passwd *pw, BIGNUM *client_n); |
347 | 287 | ||
348 | /* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer | 288 | /* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer |
349 | over the key. Skips any whitespace at the beginning and at end. */ | 289 | over the key. Skips any whitespace at the beginning and at end. */ |
@@ -421,6 +361,58 @@ int load_public_key(const char *filename, RSA *pub, | |||
421 | int load_private_key(const char *filename, const char *passphrase, | 361 | int load_private_key(const char *filename, const char *passphrase, |
422 | RSA *private_key, char **comment_return); | 362 | RSA *private_key, char **comment_return); |
423 | 363 | ||
364 | /*------------ Definitions for logging. -----------------------*/ | ||
365 | |||
366 | /* Supported syslog facilities and levels. */ | ||
367 | typedef enum | ||
368 | { | ||
369 | SYSLOG_FACILITY_DAEMON, | ||
370 | SYSLOG_FACILITY_USER, | ||
371 | SYSLOG_FACILITY_AUTH, | ||
372 | SYSLOG_FACILITY_LOCAL0, | ||
373 | SYSLOG_FACILITY_LOCAL1, | ||
374 | SYSLOG_FACILITY_LOCAL2, | ||
375 | SYSLOG_FACILITY_LOCAL3, | ||
376 | SYSLOG_FACILITY_LOCAL4, | ||
377 | SYSLOG_FACILITY_LOCAL5, | ||
378 | SYSLOG_FACILITY_LOCAL6, | ||
379 | SYSLOG_FACILITY_LOCAL7 | ||
380 | } SyslogFacility; | ||
381 | |||
382 | typedef enum | ||
383 | { | ||
384 | SYSLOG_LEVEL_QUIET, | ||
385 | SYSLOG_LEVEL_FATAL, | ||
386 | SYSLOG_LEVEL_ERROR, | ||
387 | SYSLOG_LEVEL_INFO, | ||
388 | SYSLOG_LEVEL_CHAT, | ||
389 | SYSLOG_LEVEL_DEBUG | ||
390 | } LogLevel; | ||
391 | |||
392 | /* Initializes logging. */ | ||
393 | void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr); | ||
394 | |||
395 | /* Logging implementation, depending on server or client */ | ||
396 | void do_log(LogLevel level, const char *fmt, va_list args); | ||
397 | |||
398 | /* Output a message to syslog or stderr */ | ||
399 | void fatal(const char *fmt, ...); | ||
400 | void error(const char *fmt, ...); | ||
401 | void log(const char *fmt, ...); | ||
402 | void chat(const char *fmt, ...); | ||
403 | void debug(const char *fmt, ...); | ||
404 | |||
405 | /* same as fatal() but w/o logging */ | ||
406 | void fatal_cleanup(void); | ||
407 | |||
408 | /* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting. | ||
409 | It is permissible to call fatal_remove_cleanup for the function itself | ||
410 | from the function. */ | ||
411 | void fatal_add_cleanup(void (*proc)(void *context), void *context); | ||
412 | |||
413 | /* Removes a cleanup function to be called at fatal(). */ | ||
414 | void fatal_remove_cleanup(void (*proc)(void *context), void *context); | ||
415 | |||
424 | /*---------------- definitions for channels ------------------*/ | 416 | /*---------------- definitions for channels ------------------*/ |
425 | 417 | ||
426 | /* Sets specific protocol options. */ | 418 | /* Sets specific protocol options. */ |
diff --git a/sshconnect.c b/sshconnect.c index a16e25a8d..80e4aff4a 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -16,7 +16,7 @@ login (authentication) dialog. | |||
16 | 16 | ||
17 | #include "config.h" | 17 | #include "config.h" |
18 | #include "includes.h" | 18 | #include "includes.h" |
19 | RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $"); | 19 | RCSID("$Id: sshconnect.c,v 1.6 1999/11/12 04:19:27 damien Exp $"); |
20 | 20 | ||
21 | #ifdef HAVE_OPENSSL | 21 | #ifdef HAVE_OPENSSL |
22 | #include <openssl/bn.h> | 22 | #include <openssl/bn.h> |
@@ -36,7 +36,7 @@ RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $"); | |||
36 | #include "mpaux.h" | 36 | #include "mpaux.h" |
37 | #include "uidswap.h" | 37 | #include "uidswap.h" |
38 | #include "compat.h" | 38 | #include "compat.h" |
39 | 39 | #include "readconf.h" | |
40 | 40 | ||
41 | /* Session id for the current session. */ | 41 | /* Session id for the current session. */ |
42 | unsigned char session_id[16]; | 42 | unsigned char session_id[16]; |
@@ -486,9 +486,9 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv) | |||
486 | the user using it. */ | 486 | the user using it. */ |
487 | 487 | ||
488 | int | 488 | int |
489 | try_rsa_authentication(struct passwd *pw, const char *authfile, | 489 | try_rsa_authentication(struct passwd *pw, const char *authfile) |
490 | int may_ask_passphrase) | ||
491 | { | 490 | { |
491 | extern Options options; | ||
492 | BIGNUM *challenge; | 492 | BIGNUM *challenge; |
493 | RSA *private_key; | 493 | RSA *private_key; |
494 | RSA *public_key; | 494 | RSA *public_key; |
@@ -550,7 +550,7 @@ try_rsa_authentication(struct passwd *pw, const char *authfile, | |||
550 | return. */ | 550 | return. */ |
551 | snprintf(buf, sizeof buf, | 551 | snprintf(buf, sizeof buf, |
552 | "Enter passphrase for RSA key '%.100s': ", comment); | 552 | "Enter passphrase for RSA key '%.100s': ", comment); |
553 | if (may_ask_passphrase) | 553 | if (!options.batch_mode) |
554 | passphrase = read_passphrase(buf, 0); | 554 | passphrase = read_passphrase(buf, 0); |
555 | else | 555 | else |
556 | { | 556 | { |
@@ -1014,8 +1014,9 @@ void ssh_login(int host_key_valid, | |||
1014 | RSA *own_host_key, | 1014 | RSA *own_host_key, |
1015 | const char *orighost, | 1015 | const char *orighost, |
1016 | struct sockaddr_in *hostaddr, | 1016 | struct sockaddr_in *hostaddr, |
1017 | Options *options, uid_t original_real_uid) | 1017 | uid_t original_real_uid) |
1018 | { | 1018 | { |
1019 | extern Options options; | ||
1019 | int i, type; | 1020 | int i, type; |
1020 | char *password; | 1021 | char *password; |
1021 | struct passwd *pw; | 1022 | struct passwd *pw; |
@@ -1035,7 +1036,7 @@ void ssh_login(int host_key_valid, | |||
1035 | int payload_len, clen, sum_len = 0; | 1036 | int payload_len, clen, sum_len = 0; |
1036 | u_int32_t rand = 0; | 1037 | u_int32_t rand = 0; |
1037 | 1038 | ||
1038 | if (options->check_host_ip) | 1039 | if (options.check_host_ip) |
1039 | ip = xstrdup(inet_ntoa(hostaddr->sin_addr)); | 1040 | ip = xstrdup(inet_ntoa(hostaddr->sin_addr)); |
1040 | 1041 | ||
1041 | /* Convert the user-supplied hostname into all lowercase. */ | 1042 | /* Convert the user-supplied hostname into all lowercase. */ |
@@ -1056,7 +1057,7 @@ void ssh_login(int host_key_valid, | |||
1056 | if (!pw) | 1057 | if (!pw) |
1057 | fatal("User id %d not found from user database.", original_real_uid); | 1058 | fatal("User id %d not found from user database.", original_real_uid); |
1058 | local_user = xstrdup(pw->pw_name); | 1059 | local_user = xstrdup(pw->pw_name); |
1059 | server_user = options->user ? options->user : local_user; | 1060 | server_user = options.user ? options.user : local_user; |
1060 | 1061 | ||
1061 | debug("Waiting for server public key."); | 1062 | debug("Waiting for server public key."); |
1062 | 1063 | ||
@@ -1132,12 +1133,12 @@ void ssh_login(int host_key_valid, | |||
1132 | 1133 | ||
1133 | /* Check if the host key is present in the user\'s list of known hosts | 1134 | /* Check if the host key is present in the user\'s list of known hosts |
1134 | or in the systemwide list. */ | 1135 | or in the systemwide list. */ |
1135 | host_status = check_host_in_hostfile(options->user_hostfile, | 1136 | host_status = check_host_in_hostfile(options.user_hostfile, |
1136 | host, BN_num_bits(host_key->n), | 1137 | host, BN_num_bits(host_key->n), |
1137 | host_key->e, host_key->n, | 1138 | host_key->e, host_key->n, |
1138 | file_key->e, file_key->n); | 1139 | file_key->e, file_key->n); |
1139 | if (host_status == HOST_NEW) | 1140 | if (host_status == HOST_NEW) |
1140 | host_status = check_host_in_hostfile(options->system_hostfile, host, | 1141 | host_status = check_host_in_hostfile(options.system_hostfile, host, |
1141 | BN_num_bits(host_key->n), | 1142 | BN_num_bits(host_key->n), |
1142 | host_key->e, host_key->n, | 1143 | host_key->e, host_key->n, |
1143 | file_key->e, file_key->n); | 1144 | file_key->e, file_key->n); |
@@ -1154,17 +1155,17 @@ void ssh_login(int host_key_valid, | |||
1154 | 1155 | ||
1155 | /* Also perform check for the ip address, skip the check if we are | 1156 | /* Also perform check for the ip address, skip the check if we are |
1156 | localhost or the hostname was an ip address to begin with */ | 1157 | localhost or the hostname was an ip address to begin with */ |
1157 | if (options->check_host_ip && !local && strcmp(host, ip)) { | 1158 | if (options.check_host_ip && !local && strcmp(host, ip)) { |
1158 | RSA *ip_key = RSA_new(); | 1159 | RSA *ip_key = RSA_new(); |
1159 | ip_key->n = BN_new(); | 1160 | ip_key->n = BN_new(); |
1160 | ip_key->e = BN_new(); | 1161 | ip_key->e = BN_new(); |
1161 | ip_status = check_host_in_hostfile(options->user_hostfile, ip, | 1162 | ip_status = check_host_in_hostfile(options.user_hostfile, ip, |
1162 | BN_num_bits(host_key->n), | 1163 | BN_num_bits(host_key->n), |
1163 | host_key->e, host_key->n, | 1164 | host_key->e, host_key->n, |
1164 | ip_key->e, ip_key->n); | 1165 | ip_key->e, ip_key->n); |
1165 | 1166 | ||
1166 | if (ip_status == HOST_NEW) | 1167 | if (ip_status == HOST_NEW) |
1167 | ip_status = check_host_in_hostfile(options->system_hostfile, ip, | 1168 | ip_status = check_host_in_hostfile(options.system_hostfile, ip, |
1168 | BN_num_bits(host_key->n), | 1169 | BN_num_bits(host_key->n), |
1169 | host_key->e, host_key->n, | 1170 | host_key->e, host_key->n, |
1170 | ip_key->e, ip_key->n); | 1171 | ip_key->e, ip_key->n); |
@@ -1183,13 +1184,13 @@ void ssh_login(int host_key_valid, | |||
1183 | case HOST_OK: | 1184 | case HOST_OK: |
1184 | /* The host is known and the key matches. */ | 1185 | /* The host is known and the key matches. */ |
1185 | debug("Host '%.200s' is known and matches the host key.", host); | 1186 | debug("Host '%.200s' is known and matches the host key.", host); |
1186 | if (options->check_host_ip) { | 1187 | if (options.check_host_ip) { |
1187 | if (ip_status == HOST_NEW) { | 1188 | if (ip_status == HOST_NEW) { |
1188 | if (!add_host_to_hostfile(options->user_hostfile, ip, | 1189 | if (!add_host_to_hostfile(options.user_hostfile, ip, |
1189 | BN_num_bits(host_key->n), | 1190 | BN_num_bits(host_key->n), |
1190 | host_key->e, host_key->n)) | 1191 | host_key->e, host_key->n)) |
1191 | log("Failed to add the host ip to the list of known hosts (%.30s).", | 1192 | log("Failed to add the host ip to the list of known hosts (%.30s).", |
1192 | options->user_hostfile); | 1193 | options.user_hostfile); |
1193 | else | 1194 | else |
1194 | log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip); | 1195 | log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip); |
1195 | } else if (ip_status != HOST_OK) | 1196 | } else if (ip_status != HOST_OK) |
@@ -1201,12 +1202,12 @@ void ssh_login(int host_key_valid, | |||
1201 | { | 1202 | { |
1202 | char hostline[1000], *hostp = hostline; | 1203 | char hostline[1000], *hostp = hostline; |
1203 | /* The host is new. */ | 1204 | /* The host is new. */ |
1204 | if (options->strict_host_key_checking == 1) { | 1205 | if (options.strict_host_key_checking == 1) { |
1205 | /* User has requested strict host key checking. We will not | 1206 | /* User has requested strict host key checking. We will not |
1206 | add the host key automatically. The only alternative left | 1207 | add the host key automatically. The only alternative left |
1207 | is to abort. */ | 1208 | is to abort. */ |
1208 | fatal("No host key is known for %.200s and you have requested strict checking.", host); | 1209 | fatal("No host key is known for %.200s and you have requested strict checking.", host); |
1209 | } else if (options->strict_host_key_checking == 2) { /* The default */ | 1210 | } else if (options.strict_host_key_checking == 2) { /* The default */ |
1210 | char prompt[1024]; | 1211 | char prompt[1024]; |
1211 | snprintf(prompt, sizeof(prompt), | 1212 | snprintf(prompt, sizeof(prompt), |
1212 | "The authenticity of host '%.200s' can't be established.\n" | 1213 | "The authenticity of host '%.200s' can't be established.\n" |
@@ -1216,25 +1217,25 @@ void ssh_login(int host_key_valid, | |||
1216 | fatal("Aborted by user!\n"); | 1217 | fatal("Aborted by user!\n"); |
1217 | } | 1218 | } |
1218 | 1219 | ||
1219 | if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) | 1220 | if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip)) |
1220 | snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); | 1221 | snprintf(hostline, sizeof(hostline), "%s,%s", host, ip); |
1221 | else | 1222 | else |
1222 | hostp = host; | 1223 | hostp = host; |
1223 | 1224 | ||
1224 | /* If not in strict mode, add the key automatically to the local | 1225 | /* If not in strict mode, add the key automatically to the local |
1225 | known_hosts file. */ | 1226 | known_hosts file. */ |
1226 | if (!add_host_to_hostfile(options->user_hostfile, hostp, | 1227 | if (!add_host_to_hostfile(options.user_hostfile, hostp, |
1227 | BN_num_bits(host_key->n), | 1228 | BN_num_bits(host_key->n), |
1228 | host_key->e, host_key->n)) | 1229 | host_key->e, host_key->n)) |
1229 | log("Failed to add the host to the list of known hosts (%.500s).", | 1230 | log("Failed to add the host to the list of known hosts (%.500s).", |
1230 | options->user_hostfile); | 1231 | options.user_hostfile); |
1231 | else | 1232 | else |
1232 | log("Warning: Permanently added '%.200s' to the list of known hosts.", | 1233 | log("Warning: Permanently added '%.200s' to the list of known hosts.", |
1233 | hostp); | 1234 | hostp); |
1234 | break; | 1235 | break; |
1235 | } | 1236 | } |
1236 | case HOST_CHANGED: | 1237 | case HOST_CHANGED: |
1237 | if (options->check_host_ip) { | 1238 | if (options.check_host_ip) { |
1238 | if (host_ip_differ) { | 1239 | if (host_ip_differ) { |
1239 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 1240 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
1240 | error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); | 1241 | error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @"); |
@@ -1256,23 +1257,23 @@ void ssh_login(int host_key_valid, | |||
1256 | error("It is also possible that the host key has just been changed."); | 1257 | error("It is also possible that the host key has just been changed."); |
1257 | error("Please contact your system administrator."); | 1258 | error("Please contact your system administrator."); |
1258 | error("Add correct host key in %.100s to get rid of this message.", | 1259 | error("Add correct host key in %.100s to get rid of this message.", |
1259 | options->user_hostfile); | 1260 | options.user_hostfile); |
1260 | 1261 | ||
1261 | /* If strict host key checking is in use, the user will have to edit | 1262 | /* If strict host key checking is in use, the user will have to edit |
1262 | the key manually and we can only abort. */ | 1263 | the key manually and we can only abort. */ |
1263 | if (options->strict_host_key_checking) | 1264 | if (options.strict_host_key_checking) |
1264 | fatal("Host key for %.200s has changed and you have requested strict checking.", host); | 1265 | fatal("Host key for %.200s has changed and you have requested strict checking.", host); |
1265 | 1266 | ||
1266 | /* If strict host key checking has not been requested, allow the | 1267 | /* If strict host key checking has not been requested, allow the |
1267 | connection but without password authentication or | 1268 | connection but without password authentication or |
1268 | agent forwarding. */ | 1269 | agent forwarding. */ |
1269 | if (options->password_authentication) { | 1270 | if (options.password_authentication) { |
1270 | error("Password authentication is disabled to avoid trojan horses."); | 1271 | error("Password authentication is disabled to avoid trojan horses."); |
1271 | options->password_authentication = 0; | 1272 | options.password_authentication = 0; |
1272 | } | 1273 | } |
1273 | if (options->forward_agent) { | 1274 | if (options.forward_agent) { |
1274 | error("Agent forwarding is disabled to avoid trojan horses."); | 1275 | error("Agent forwarding is disabled to avoid trojan horses."); |
1275 | options->forward_agent = 0; | 1276 | options.forward_agent = 0; |
1276 | } | 1277 | } |
1277 | /* XXX Should permit the user to change to use the new id. This could | 1278 | /* XXX Should permit the user to change to use the new id. This could |
1278 | be done by converting the host key to an identifying sentence, tell | 1279 | be done by converting the host key to an identifying sentence, tell |
@@ -1281,7 +1282,7 @@ void ssh_login(int host_key_valid, | |||
1281 | break; | 1282 | break; |
1282 | } | 1283 | } |
1283 | 1284 | ||
1284 | if (options->check_host_ip) | 1285 | if (options.check_host_ip) |
1285 | xfree(ip); | 1286 | xfree(ip); |
1286 | 1287 | ||
1287 | /* Generate a session key. */ | 1288 | /* Generate a session key. */ |
@@ -1344,27 +1345,27 @@ void ssh_login(int host_key_valid, | |||
1344 | rsa_public_encrypt(key, key, public_key); | 1345 | rsa_public_encrypt(key, key, public_key); |
1345 | } | 1346 | } |
1346 | 1347 | ||
1347 | if (options->cipher == SSH_CIPHER_NOT_SET) { | 1348 | if (options.cipher == SSH_CIPHER_NOT_SET) { |
1348 | if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default)) | 1349 | if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default)) |
1349 | options->cipher = ssh_cipher_default; | 1350 | options.cipher = ssh_cipher_default; |
1350 | else { | 1351 | else { |
1351 | debug("Cipher %d not supported, using %.100s instead.", | 1352 | debug("Cipher %d not supported, using %.100s instead.", |
1352 | cipher_name(ssh_cipher_default), | 1353 | cipher_name(ssh_cipher_default), |
1353 | cipher_name(SSH_FALLBACK_CIPHER)); | 1354 | cipher_name(SSH_FALLBACK_CIPHER)); |
1354 | options->cipher = SSH_FALLBACK_CIPHER; | 1355 | options.cipher = SSH_FALLBACK_CIPHER; |
1355 | } | 1356 | } |
1356 | } | 1357 | } |
1357 | 1358 | ||
1358 | /* Check that the selected cipher is supported. */ | 1359 | /* Check that the selected cipher is supported. */ |
1359 | if (!(supported_ciphers & (1 << options->cipher))) | 1360 | if (!(supported_ciphers & (1 << options.cipher))) |
1360 | fatal("Selected cipher type %.100s not supported by server.", | 1361 | fatal("Selected cipher type %.100s not supported by server.", |
1361 | cipher_name(options->cipher)); | 1362 | cipher_name(options.cipher)); |
1362 | 1363 | ||
1363 | debug("Encryption type: %.100s", cipher_name(options->cipher)); | 1364 | debug("Encryption type: %.100s", cipher_name(options.cipher)); |
1364 | 1365 | ||
1365 | /* Send the encrypted session key to the server. */ | 1366 | /* Send the encrypted session key to the server. */ |
1366 | packet_start(SSH_CMSG_SESSION_KEY); | 1367 | packet_start(SSH_CMSG_SESSION_KEY); |
1367 | packet_put_char(options->cipher); | 1368 | packet_put_char(options.cipher); |
1368 | 1369 | ||
1369 | /* Send the check bytes back to the server. */ | 1370 | /* Send the check bytes back to the server. */ |
1370 | for (i = 0; i < 8; i++) | 1371 | for (i = 0; i < 8; i++) |
@@ -1390,7 +1391,7 @@ void ssh_login(int host_key_valid, | |||
1390 | 1391 | ||
1391 | /* Set the encryption key. */ | 1392 | /* Set the encryption key. */ |
1392 | packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, | 1393 | packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, |
1393 | options->cipher, 1); | 1394 | options.cipher, 1); |
1394 | 1395 | ||
1395 | /* We will no longer need the session key here. Destroy any extra copies. */ | 1396 | /* We will no longer need the session key here. Destroy any extra copies. */ |
1396 | memset(session_key, 0, sizeof(session_key)); | 1397 | memset(session_key, 0, sizeof(session_key)); |
@@ -1420,17 +1421,17 @@ void ssh_login(int host_key_valid, | |||
1420 | #ifdef AFS | 1421 | #ifdef AFS |
1421 | /* Try Kerberos tgt passing if the server supports it. */ | 1422 | /* Try Kerberos tgt passing if the server supports it. */ |
1422 | if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && | 1423 | if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && |
1423 | options->kerberos_tgt_passing) | 1424 | options.kerberos_tgt_passing) |
1424 | { | 1425 | { |
1425 | if (options->cipher == SSH_CIPHER_NONE) | 1426 | if (options.cipher == SSH_CIPHER_NONE) |
1426 | log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); | 1427 | log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); |
1427 | (void)send_kerberos_tgt(); | 1428 | (void)send_kerberos_tgt(); |
1428 | } | 1429 | } |
1429 | 1430 | ||
1430 | /* Try AFS token passing if the server supports it. */ | 1431 | /* Try AFS token passing if the server supports it. */ |
1431 | if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && | 1432 | if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && |
1432 | options->afs_token_passing && k_hasafs()) { | 1433 | options.afs_token_passing && k_hasafs()) { |
1433 | if (options->cipher == SSH_CIPHER_NONE) | 1434 | if (options.cipher == SSH_CIPHER_NONE) |
1434 | log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); | 1435 | log("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); |
1435 | send_afs_tokens(); | 1436 | send_afs_tokens(); |
1436 | } | 1437 | } |
@@ -1438,7 +1439,7 @@ void ssh_login(int host_key_valid, | |||
1438 | 1439 | ||
1439 | #ifdef KRB4 | 1440 | #ifdef KRB4 |
1440 | if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && | 1441 | if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && |
1441 | options->kerberos_authentication) | 1442 | options.kerberos_authentication) |
1442 | { | 1443 | { |
1443 | debug("Trying Kerberos authentication."); | 1444 | debug("Trying Kerberos authentication."); |
1444 | if (try_kerberos_authentication()) { | 1445 | if (try_kerberos_authentication()) { |
@@ -1455,7 +1456,7 @@ void ssh_login(int host_key_valid, | |||
1455 | /* Use rhosts authentication if running in privileged socket and we do not | 1456 | /* Use rhosts authentication if running in privileged socket and we do not |
1456 | wish to remain anonymous. */ | 1457 | wish to remain anonymous. */ |
1457 | if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && | 1458 | if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && |
1458 | options->rhosts_authentication) | 1459 | options.rhosts_authentication) |
1459 | { | 1460 | { |
1460 | debug("Trying rhosts authentication."); | 1461 | debug("Trying rhosts authentication."); |
1461 | packet_start(SSH_CMSG_AUTH_RHOSTS); | 1462 | packet_start(SSH_CMSG_AUTH_RHOSTS); |
@@ -1475,7 +1476,7 @@ void ssh_login(int host_key_valid, | |||
1475 | /* Try .rhosts or /etc/hosts.equiv authentication with RSA host | 1476 | /* Try .rhosts or /etc/hosts.equiv authentication with RSA host |
1476 | authentication. */ | 1477 | authentication. */ |
1477 | if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && | 1478 | if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && |
1478 | options->rhosts_rsa_authentication && host_key_valid) | 1479 | options.rhosts_rsa_authentication && host_key_valid) |
1479 | { | 1480 | { |
1480 | if (try_rhosts_rsa_authentication(local_user, own_host_key)) | 1481 | if (try_rhosts_rsa_authentication(local_user, own_host_key)) |
1481 | return; /* Successful authentication. */ | 1482 | return; /* Successful authentication. */ |
@@ -1483,7 +1484,7 @@ void ssh_login(int host_key_valid, | |||
1483 | 1484 | ||
1484 | /* Try RSA authentication if the server supports it. */ | 1485 | /* Try RSA authentication if the server supports it. */ |
1485 | if ((supported_authentications & (1 << SSH_AUTH_RSA)) && | 1486 | if ((supported_authentications & (1 << SSH_AUTH_RSA)) && |
1486 | options->rsa_authentication) | 1487 | options.rsa_authentication) |
1487 | { | 1488 | { |
1488 | /* Try RSA authentication using the authentication agent. The agent | 1489 | /* Try RSA authentication using the authentication agent. The agent |
1489 | is tried first because no passphrase is needed for it, whereas | 1490 | is tried first because no passphrase is needed for it, whereas |
@@ -1492,23 +1493,22 @@ void ssh_login(int host_key_valid, | |||
1492 | return; /* Successful connection. */ | 1493 | return; /* Successful connection. */ |
1493 | 1494 | ||
1494 | /* Try RSA authentication for each identity. */ | 1495 | /* Try RSA authentication for each identity. */ |
1495 | for (i = 0; i < options->num_identity_files; i++) | 1496 | for (i = 0; i < options.num_identity_files; i++) |
1496 | if (try_rsa_authentication(pw, options->identity_files[i], | 1497 | if (try_rsa_authentication(pw, options.identity_files[i])) |
1497 | !options->batch_mode)) | ||
1498 | return; /* Successful connection. */ | 1498 | return; /* Successful connection. */ |
1499 | } | 1499 | } |
1500 | 1500 | ||
1501 | /* Try password authentication if the server supports it. */ | 1501 | /* Try password authentication if the server supports it. */ |
1502 | if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && | 1502 | if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && |
1503 | options->password_authentication && !options->batch_mode) | 1503 | options.password_authentication && !options.batch_mode) |
1504 | { | 1504 | { |
1505 | char prompt[80]; | 1505 | char prompt[80]; |
1506 | snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ", | 1506 | snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ", |
1507 | server_user, host); | 1507 | server_user, host); |
1508 | debug("Doing password authentication."); | 1508 | debug("Doing password authentication."); |
1509 | if (options->cipher == SSH_CIPHER_NONE) | 1509 | if (options.cipher == SSH_CIPHER_NONE) |
1510 | log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); | 1510 | log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); |
1511 | for (i = 0; i < options->number_of_password_prompts; i++) { | 1511 | for (i = 0; i < options.number_of_password_prompts; i++) { |
1512 | if (i != 0) | 1512 | if (i != 0) |
1513 | error("Permission denied, please try again."); | 1513 | error("Permission denied, please try again."); |
1514 | password = read_passphrase(prompt, 0); | 1514 | password = read_passphrase(prompt, 0); |
@@ -18,7 +18,7 @@ agent connections. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: sshd.c,v 1.16 1999/11/12 00:33:04 damien Exp $"); | 21 | RCSID("$Id: sshd.c,v 1.17 1999/11/12 04:19:27 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "rsa.h" | 24 | #include "rsa.h" |
@@ -1343,8 +1343,7 @@ do_authentication(char *user, int privileged_port) | |||
1343 | } | 1343 | } |
1344 | 1344 | ||
1345 | /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ | 1345 | /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ |
1346 | if (auth_rhosts(pw, client_user, options.ignore_rhosts, | 1346 | if (auth_rhosts(pw, client_user)) |
1347 | options.strict_modes)) | ||
1348 | { | 1347 | { |
1349 | /* Authentication accepted. */ | 1348 | /* Authentication accepted. */ |
1350 | log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", | 1349 | log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", |
@@ -1431,7 +1430,7 @@ do_authentication(char *user, int privileged_port) | |||
1431 | 1430 | ||
1432 | packet_integrity_check(plen, nlen, type); | 1431 | packet_integrity_check(plen, nlen, type); |
1433 | 1432 | ||
1434 | if (auth_rsa(pw, n, options.strict_modes)) | 1433 | if (auth_rsa(pw, n)) |
1435 | { | 1434 | { |
1436 | /* Successful authentication. */ | 1435 | /* Successful authentication. */ |
1437 | BN_clear_free(n); | 1436 | BN_clear_free(n); |