-rw-r--r--ChangeLog19
-rw-r--r--canohost.c30
-rw-r--r--channels.c20
-rw-r--r--mpaux.c12
-rw-r--r--pty.c5
-rw-r--r--ssh.16
-rw-r--r--ssh.c5
-rw-r--r--ssh.h6
-rw-r--r--sshconnect.c246
-rw-r--r--sshd.c36
-rw-r--r--version.h2
11 files changed, 229 insertions, 158 deletions
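--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+19991214
+ - OpenBSD CVS Changes
+ - [canohost.c]
+ fix get_remote_port() and friends for sshd -i;
+ Holger.Trapp@Informatik.TU-Chemnitz.DE
+ - [mpaux.c]
+ make code simpler. no need for memcpy. niels@ ok
+ - [pty.c]
+ namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
+ fix proto; markus
+ - [ssh.1]
+ typo; mark.baushke@solipsa.com
+ - [channels.c ssh.c ssh.h sshd.c]
+ type conflict for 'extern Type *options' in channels.c; dot@dotat.at
+ - [sshconnect.c]
+ move checking of hostkey into own function.
+ - [version.h]
+ OpenSSH-1.2.1
+
 19991211
  - Fix compilation on systems with AFS. Reported by
  aloomis@glue.umd.edu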
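--- a/canohost.c
+++ b/canohost.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: canohost.c,v 1.4 1999/11/25 00:54:58 damien Exp $");
+RCSID("$Id: canohost.c,v 1.5 1999/12/13 23:47:15 damien Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -143,6 +143,28 @@ check_ip_options:
 static char *canonical_host_name = NULL;
 static char *canonical_host_ip = NULL;
 
+/* Returns 1 if remote host is connected via socket, 0 if not. */
+
+int
+peer_connection_is_on_socket()
+{
+ struct sockaddr_in from;
+ int fromlen;
+ int in = packet_get_connection_in();
+ int out = packet_get_connection_out();
+
+ /* filedescriptors in and out are the same, so it's a socket */
+ if (in == out)
+ return 1;
+ fromlen = sizeof(from);
+ memset(&from, 0, sizeof(from));
+ if (getpeername(in, (struct sockaddr *) & from, &fromlen) < 0)
+ return 0;
+ if (from.sin_family != AF_INET && from.sin_family != AF_INET6)
+ return 0;
+ return 1;
+}
+
 /*
  * Return the canonical name of the host in the other side of the current
  * connection. The host name is cached, so it is efficient to call this
@@ -157,7 +179,7 @@ get_canonical_hostname()
  return canonical_host_name;
 
  /* Get the real hostname if socket; otherwise return UNKNOWN. */
- if (packet_get_connection_in() == packet_get_connection_out())
+ if (peer_connection_is_on_socket())
  canonical_host_name = get_remote_hostname(packet_get_connection_in());
  else
  canonical_host_name = xstrdup("UNKNOWN");
@@ -181,7 +203,7 @@ get_remote_ipaddr()
  return canonical_host_ip;
 
  /* If not a socket, return UNKNOWN. */
- if (packet_get_connection_in() != packet_get_connection_out()) {
+ if (!peer_connection_is_on_socket()) {
  canonical_host_ip = xstrdup("UNKNOWN");
  return canonical_host_ip;
  }
@@ -232,7 +254,7 @@ get_remote_port()
  * If the connection is not a socket, return 65535. This is
  * intentionally chosen to be an unprivileged port number.
  */
- if (packet_get_connection_in() != packet_get_connection_out())
+ if (!peer_connection_is_on_socket())
  return 65535;
 
  /* Get client socket. */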
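Review bot: peer_connection_is_on_socket() hands `&fromlen` to getpeername() as an `int *` and receives the address into a `struct sockaddr_in`, which is smaller than an IPv6 socket address even though the following test accepts AF_INET6. Declaring `socklen_t fromlen;` and `struct sockaddr_storage from;` (and testing `from.ss_family`) would match what the call expects. When the two descriptors differ only `in` is examined, so the peer name, address and port that get_canonical_hostname(), get_remote_ipaddr() and get_remote_port() report afterwards all describe `in`; the header comment should state that assumption, since the port value is documented in this file as a privileged/unprivileged signal. No prototype for the helper appears on this page, so `static int peer_connection_is_on_socket(void)` looks appropriate unless another file calls it.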
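--- a/channels.c
+++ b/channels.c
@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.11 1999/12/07 05:47:28 damien Exp $");
+RCSID("$Id: channels.c,v 1.12 1999/12/13 23:47:15 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -877,11 +877,10 @@ channel_open_message()
 
 void
 channel_request_local_forwarding(u_short port, const char *host,
- u_short host_port)
+ u_short host_port, int gateway_ports)
 {
  int ch, sock, on = 1;
  struct sockaddr_in sin;
- extern Options options;
  struct linger linger;
 
  if (strlen(host) > sizeof(channels[0].path) - 1)
@@ -895,7 +894,7 @@ channel_request_local_forwarding(u_short port, const char *host,
  /* Initialize socket address. */
  memset(&sin, 0, sizeof(sin));
  sin.sin_family = AF_INET;
- if (options.gateway_ports == 1)
+ if (gateway_ports == 1)
  sin.sin_addr.s_addr = htonl(INADDR_ANY);
  else
  sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
@@ -983,9 +982,11 @@ channel_input_port_forward_request(int is_root)
  if (port < IPPORT_RESERVED && !is_root)
  packet_disconnect("Requested forwarding of port %d but user is not root.",
  port);
-
- /* Initiate forwarding. */
- channel_request_local_forwarding(port, hostname, host_port);
+ /*
+ * Initiate forwarding,
+ * bind port to localhost only (gateway ports == 0).
+ */
+ channel_request_local_forwarding(port, hostname, host_port, 0);
 
  /* Free the argument string. */
  xfree(hostname);
@@ -1116,16 +1117,15 @@ fail:
  */
 
 char *
-x11_create_display_inet(int screen_number)
+x11_create_display_inet(int screen_number, int x11_display_offset)
 {
- extern ServerOptions options;
  int display_number, sock;
  u_short port;
  struct sockaddr_in sin;
  char buf[512];
  char hostname[MAXHOSTNAMELEN];
 
- for (display_number = options.x11_display_offset;
+ for (display_number = x11_display_offset;
  display_number < MAX_DISPLAYS;
  display_number++) {
  port = 6000 + display_number;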
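Review bot: In channel_request_local_forwarding() the listener is bound to INADDR_ANY only when `gateway_ports == 1`, and the new parameter is not described at the definition, so a caller cannot tell that every other value means loopback-only. A comment above the function such as `/* gateway_ports: 1 binds the listener to INADDR_ANY (reachable from other hosts); any other value binds to loopback only. */` would make that exposure decision explicit. In x11_create_display_inet() the loop now starts at the caller-supplied `x11_display_offset` and stores `6000 + display_number` in a `u_short`; no range check is visible in this hunk, so a negative or oversized offset should be rejected here or confirmed to be rejected where the option is parsed. Both function bodies continue outside the hunks.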
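--- a/mpaux.c
+++ b/mpaux.c
@@ -15,7 +15,7 @@
 */
 
 #include "includes.h"
-RCSID("$Id: mpaux.c,v 1.7 1999/11/24 13:26:22 damien Exp $");
+RCSID("$Id: mpaux.c,v 1.8 1999/12/13 23:47:16 damien Exp $");
 
 #include "getput.h"
 #include "xmalloc.h"
@@ -35,17 +35,17 @@ compute_session_id(unsigned char session_id[16],
  BIGNUM* host_key_n,
  BIGNUM* session_key_n)
 {
- unsigned int host_key_bits = BN_num_bits(host_key_n);
- unsigned int session_key_bits = BN_num_bits(session_key_n);
- unsigned int bytes = (host_key_bits + 7) / 8 + (session_key_bits + 7) / 8 + 8;
+ unsigned int host_key_bytes = BN_num_bytes(host_key_n);
+ unsigned int session_key_bytes = BN_num_bytes(session_key_n);
+ unsigned int bytes = host_key_bytes + session_key_bytes;
  unsigned char *buf = xmalloc(bytes);
  MD5_CTX md;
 
  BN_bn2bin(host_key_n, buf);
- BN_bn2bin(session_key_n, buf + (host_key_bits + 7) / 8);
- memcpy(buf + (host_key_bits + 7) / 8 + (session_key_bits + 7) / 8, cookie, 8);
+ BN_bn2bin(session_key_n, buf + host_key_bytes);
  MD5_Init(&md);
  MD5_Update(&md, buf, bytes);
+ MD5_Update(&md, cookie, 8);
  MD5_Final(session_id, &md);
  memset(buf, 0, bytes);
  xfree(buf);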
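Review bot: The cookie is now hashed by a separate `MD5_Update(&md, cookie, 8)` after the two moduli, and nothing in compute_session_id() records that the order of the three inputs is fixed. Both ends of the connection have to derive the same session id, so a comment before `MD5_Init` such as `/* session id = MD5(host modulus || session modulus || cookie); the order must not change */` would keep the split from being reordered later. The literal `8` is the cookie length; the parameter declaration lies outside the hunk, so confirm it is an 8-byte array and consider a named constant shared with the callers' `check_bytes[8]`.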
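--- a/pty.c
+++ b/pty.c
@@ -14,8 +14,9 @@
  */
 
 #include "includes.h"
-RCSID("$Id: pty.c,v 1.8 1999/12/08 23:16:55 damien Exp $");
+RCSID("$Id: pty.c,v 1.9 1999/12/13 23:47:16 damien Exp $");
 
+#include <util.h>
 #include "pty.h"
 #include "ssh.h"
 
@@ -163,7 +164,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
  *ptyfd = open(buf, O_RDWR | O_NOCTTY);
  if (*ptyfd < 0)
  continue;
- snprintf(namebuf, sizeof namebuflen, "/dev/tty%c%c",
+ snprintf(namebuf, namebuflen, "/dev/tty%c%c",
  ptymajors[i / num_minors], ptyminors[i % num_minors]);
 
  /* Open the slave side. */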
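Review bot: `#include <util.h>` is added unconditionally at the top of pty.c, and that header does not exist on every platform, so the include should sit behind the build system's check for it (the guard macro is not visible on this page). In pty_allocate() the corrected `snprintf(namebuf, namebuflen, ...)` still ignores its return value and takes the bound from an `int`; a non-positive `namebuflen` converts to a zero or huge size, and a short buffer silently yields a truncated tty name that the "Open the slave side" code presumably goes on to use. Storing the result and treating `if (n < 0 || n >= namebuflen)` as a failure for that candidate, after closing `*ptyfd`, would cover both cases. The function body continues outside the hunk.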
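--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.11 1999/12/06 00:47:29 damien Exp $
+.\" $Id: ssh.1,v 1.12 1999/12/13 23:47:16 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -351,7 +351,7 @@ per-host basis in the configuration file.
 Use a non-privileged port for outgoing connections.
 This can be used if your firewall does
 not permit connections from privileged ports.
-Note that this option turns of
+Note that this option turns off
 .Cm RhostsAuthentication
 and
 .Cm RhostsRSAAuthentication .
@@ -720,7 +720,7 @@ The default is
 .Dq yes .
 Note that setting this option to
 .Dq no
-turns of
+turns off
 .Cm RhostsAuthentication
 and
 .Cm RhostsRSAAuthentication .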
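--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.13 1999/12/06 00:47:29 damien Exp $");
+RCSID("$Id: ssh.c,v 1.14 1999/12/13 23:47:16 damien Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -732,7 +732,8 @@ main(int ac, char **av)
  options.local_forwards[i].host_port);
  channel_request_local_forwarding(options.local_forwards[i].port,
  options.local_forwards[i].host,
- options.local_forwards[i].host_port);
+ options.local_forwards[i].host_port,
+ options.gateway_ports);
  }
 
  /* Initiate remote TCP/IP port forwardings. */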
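--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
  *
  */
 
-/* RCSID("$Id: ssh.h,v 1.19 1999/12/07 04:38:32 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.20 1999/12/13 23:47:16 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -589,7 +589,7 @@ char *channel_open_message(void);
  */
 void
 channel_request_local_forwarding(u_short port, const char *host,
- u_short remote_port);
+ u_short remote_port, int gateway_ports);
 
 /*
  * Initiate forwarding of connections to port "port" on remote host through
@@ -633,7 +633,7 @@ char *x11_create_display(int screen);
  * Returns a suitable value for the DISPLAY variable, or NULL if an error
  * occurs.
  */
-char *x11_create_display_inet(int screen);
+char *x11_create_display_inet(int screen, int x11_display_offset);
 
 /*
  * This is called when SSH_SMSG_X11_OPEN is received. The packet contains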
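Review bot: The prototype of channel_request_local_forwarding() gains `int gateway_ports` but still names the third parameter `remote_port`, while the definition in channels.c calls it `host_port`; one name should be used in both places. The comment blocks that precede the two changed prototypes lie mostly outside the hunks, and the visible tail of the one for x11_create_display_inet() does not mention the new argument. Each comment should describe the added parameter, for example `gateway_ports: 1 to listen on all addresses, otherwise loopback only` and `x11_display_offset: first display number to try`.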
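--- a/sshconnect.c
+++ b/sshconnect.c
@@ -8,7 +8,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.17 1999/12/07 04:38:32 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.18 1999/12/13 23:47:16 damien Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -156,8 +156,10 @@ ssh_create_socket(uid_t original_real_uid, int privileged)
  fatal("rresvport: %.100s", strerror(errno));
  debug("Allocated local port %d.", p);
  } else {
- /* Just create an ordinary socket on arbitrary port. We
- use the user's uid to create the socket. */
+ /*
+ * Just create an ordinary socket on arbitrary port. We use
+ * the user's uid to create the socket.
+ */
  temporarily_use_uid(original_real_uid);
  sock = socket(AF_INET, SOCK_STREAM, 0);
  if (sock < 0)
@@ -209,9 +211,11 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr,
  /* No host lookup made yet. */
  hp = NULL;
 
- /* Try to connect several times. On some machines, the first time
- will sometimes fail. In general socket code appears to behave
- quite magically on many machines. */
+ /*
+ * Try to connect several times. On some machines, the first time
+ * will sometimes fail. In general socket code appears to behave
+ * quite magically on many machines.
+ */
  for (attempt = 0; attempt < connection_attempts; attempt++) {
  if (attempt > 0)
  debug("Trying again...");
@@ -1087,39 +1091,21 @@ read_yes_or_no(const char *prompt, int defval)
 }
 
 /*
- * Starts a dialog with the server, and authenticates the current user on the
- * server. This does not need any extra privileges. The basic connection
- * to the server must already have been established before this is called.
- * User is the remote user; if it is NULL, the current local user name will
- * be used. Anonymous indicates that no rhosts authentication will be used.
- * If login fails, this function prints an error and never returns.
- * This function does not require super-user privileges.
+ * check whether the supplied host key is valid, return only if ok.
  */
+
 void
-ssh_login(int host_key_valid,
- RSA *own_host_key,
- const char *orighost,
- struct sockaddr_in *hostaddr,
- uid_t original_real_uid)
+check_host_key(char *host,
+ struct sockaddr_in *hostaddr,
+ RSA *host_key)
 {
- int i, type;
- struct passwd *pw;
- BIGNUM *key;
- RSA *host_key, *file_key;
- RSA *public_key;
- int bits, rbits;
- unsigned char session_key[SSH_SESSION_KEY_LENGTH];
- const char *server_user, *local_user;
- char *cp, *host, *ip = NULL;
+ RSA *file_key;
+ char *ip = NULL;
  char hostline[1000], *hostp;
- unsigned char check_bytes[8];
- unsigned int supported_ciphers, supported_authentications, protocol_flags;
  HostStatus host_status;
  HostStatus ip_status;
  int host_ip_differ = 0;
  int local = (ntohl(hostaddr->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
- int payload_len, clen, sum_len = 0;
- u_int32_t rand = 0;
 
  /*
  * Turn off check_host_ip for proxy connects, since
@@ -1131,88 +1117,14 @@ ssh_login(int host_key_valid,
  if (options.check_host_ip)
  ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
 
- /* Convert the user-supplied hostname into all lowercase. */
- host = xstrdup(orighost);
- for (cp = host; *cp; cp++)
- if (isupper(*cp))
- *cp = tolower(*cp);
-
- /* Exchange protocol version identification strings with the server. */
- ssh_exchange_identification();
-
- /* Put the connection into non-blocking mode. */
- packet_set_nonblocking();
-
- /* Get local user name. Use it as server user if no user name was given. */
- pw = getpwuid(original_real_uid);
- if (!pw)
- fatal("User id %d not found from user database.", original_real_uid);
- local_user = xstrdup(pw->pw_name);
- server_user = options.user ? options.user : local_user;
-
- debug("Waiting for server public key.");
-
- /* Wait for a public key packet from the server. */
- packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
-
- /* Get check bytes from the packet. */
- for (i = 0; i < 8; i++)
- check_bytes[i] = packet_get_char();
-
- /* Get the public key. */
- public_key = RSA_new();
- bits = packet_get_int();/* bits */
- public_key->e = BN_new();
- packet_get_bignum(public_key->e, &clen);
- sum_len += clen;
- public_key->n = BN_new();
- packet_get_bignum(public_key->n, &clen);
- sum_len += clen;
-
- rbits = BN_num_bits(public_key->n);
- if (bits != rbits) {
- log("Warning: Server lies about size of server public key: "
- "actual size is %d bits vs. announced %d.", rbits, bits);
- log("Warning: This may be due to an old implementation of ssh.");
- }
- /* Get the host key. */
- host_key = RSA_new();
- bits = packet_get_int();/* bits */
- host_key->e = BN_new();
- packet_get_bignum(host_key->e, &clen);
- sum_len += clen;
- host_key->n = BN_new();
- packet_get_bignum(host_key->n, &clen);
- sum_len += clen;
-
- rbits = BN_num_bits(host_key->n);
- if (bits != rbits) {
- log("Warning: Server lies about size of server host key: "
- "actual size is %d bits vs. announced %d.", rbits, bits);
- log("Warning: This may be due to an old implementation of ssh.");
- }
- /* Store the host key from the known host file in here so that we
- can compare it with the key for the IP address. */
+ /*
+ * Store the host key from the known host file in here so that we can
+ * compare it with the key for the IP address.
+ */
  file_key = RSA_new();
  file_key->n = BN_new();
  file_key->e = BN_new();
 
- /* Get protocol flags. */
- protocol_flags = packet_get_int();
- packet_set_protocol_flags(protocol_flags);
-
- supported_ciphers = packet_get_int();
- supported_authentications = packet_get_int();
-
- debug("Received server public key (%d bits) and host key (%d bits).",
- BN_num_bits(public_key->n), BN_num_bits(host_key->n));
-
- packet_integrity_check(payload_len,
- 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
- SSH_SMSG_PUBLIC_KEY);
-
- compute_session_id(session_id, check_bytes, host_key->n, public_key->n);
-
  /*
  * Check if the host key is present in the user\'s list of known
  * hosts or in the systemwide list.
@@ -1372,9 +1284,121 @@ ssh_login(int host_key_valid,
  */
  break;
  }
-
  if (options.check_host_ip)
  xfree(ip);
+}
+
+/*
+ * Starts a dialog with the server, and authenticates the current user on the
+ * server. This does not need any extra privileges. The basic connection
+ * to the server must already have been established before this is called.
+ * User is the remote user; if it is NULL, the current local user name will
+ * be used. Anonymous indicates that no rhosts authentication will be used.
+ * If login fails, this function prints an error and never returns.
+ * This function does not require super-user privileges.
+ */
+void
+ssh_login(int host_key_valid,
+ RSA *own_host_key,
+ const char *orighost,
+ struct sockaddr_in *hostaddr,
+ uid_t original_real_uid)
+{
+ int i, type;
+ struct passwd *pw;
+ BIGNUM *key;
+ RSA *host_key;
+ RSA *public_key;
+ int bits, rbits;
+ unsigned char session_key[SSH_SESSION_KEY_LENGTH];
+ const char *server_user, *local_user;
+ char *host, *cp;
+ unsigned char check_bytes[8];
+ unsigned int supported_ciphers, supported_authentications;
+ unsigned int server_flags, client_flags;
+ int payload_len, clen, sum_len = 0;
+ u_int32_t rand = 0;
+
+ /* Convert the user-supplied hostname into all lowercase. */
+ host = xstrdup(orighost);
+ for (cp = host; *cp; cp++)
+ if (isupper(*cp))
+ *cp = tolower(*cp);
+
+ /* Exchange protocol version identification strings with the server. */
+ ssh_exchange_identification();
+
+ /* Put the connection into non-blocking mode. */
+ packet_set_nonblocking();
+
+ /* Get local user name. Use it as server user if no user name was given. */
+ pw = getpwuid(original_real_uid);
+ if (!pw)
+ fatal("User id %d not found from user database.", original_real_uid);
+ local_user = xstrdup(pw->pw_name);
+ server_user = options.user ? options.user : local_user;
+
+ debug("Waiting for server public key.");
+
+ /* Wait for a public key packet from the server. */
+ packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
+
+ /* Get check bytes from the packet. */
+ for (i = 0; i < 8; i++)
+ check_bytes[i] = packet_get_char();
+
+ /* Get the public key. */
+ public_key = RSA_new();
+ bits = packet_get_int();/* bits */
+ public_key->e = BN_new();
+ packet_get_bignum(public_key->e, &clen);
+ sum_len += clen;
+ public_key->n = BN_new();
+ packet_get_bignum(public_key->n, &clen);
+ sum_len += clen;
+
+ rbits = BN_num_bits(public_key->n);
+ if (bits != rbits) {
+ log("Warning: Server lies about size of server public key: "
+ "actual size is %d bits vs. announced %d.", rbits, bits);
+ log("Warning: This may be due to an old implementation of ssh.");
+ }
+ /* Get the host key. */
+ host_key = RSA_new();
+ bits = packet_get_int();/* bits */
+ host_key->e = BN_new();
+ packet_get_bignum(host_key->e, &clen);
+ sum_len += clen;
+ host_key->n = BN_new();
+ packet_get_bignum(host_key->n, &clen);
+ sum_len += clen;
+
+ rbits = BN_num_bits(host_key->n);
+ if (bits != rbits) {
+ log("Warning: Server lies about size of server host key: "
+ "actual size is %d bits vs. announced %d.", rbits, bits);
+ log("Warning: This may be due to an old implementation of ssh.");
+ }
+
+ /* Get protocol flags. */
+ server_flags = packet_get_int();
+ packet_set_protocol_flags(server_flags);
+
+ supported_ciphers = packet_get_int();
+ supported_authentications = packet_get_int();
+
+ debug("Received server public key (%d bits) and host key (%d bits).",
+ BN_num_bits(public_key->n), BN_num_bits(host_key->n));
+
+ packet_integrity_check(payload_len,
+ 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
+ SSH_SMSG_PUBLIC_KEY);
+
+ check_host_key(host, hostaddr, host_key);
+
+ client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
+
+ compute_session_id(session_id, check_bytes, host_key->n, public_key->n);
 
  /* Generate a session key. */
  arc4random_stir();
@@ -1465,7 +1489,7 @@ ssh_login(int host_key_valid,
  packet_put_bignum(key);
 
  /* Send protocol flags. */
- packet_put_int(SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
+ packet_put_int(client_flags);
 
  /* Send the packet now. */
  packet_send();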
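Review bot: check_host_key() is `void` and documented only as "return only if ok", so acceptance of the server's host key is signalled by nothing more than the function returning; a later edit that adds an early `return` inside it would let ssh_login() continue with an unverified key. Returning a status and testing it at the call, `if (!check_host_key(host, hostaddr, host_key)) fatal(...)`, or at least extending the comment to say that every rejection path must end in fatal(), would make that contract harder to break. `file_key` is created with RSA_new() and BN_new() in the helper and no `RSA_free(file_key)` appears before the closing brace in the visible lines; the middle of the function is outside the hunks, so confirm it is released. No prototype for the helper appears on this page, so `static` linkage and `const char *host` look appropriate, and the lowercase loop moved into ssh_login() should call `isupper((unsigned char)*cp)`.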
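--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.37 1999/12/08 23:31:37 damien Exp $");
+RCSID("$Id: sshd.c,v 1.38 1999/12/13 23:47:16 damien Exp $");
 
 #include <poll.h>
 
@@ -960,7 +960,7 @@ do_connection()
  unsigned char check_bytes[8];
  char *user;
  unsigned int cipher_type, auth_mask, protocol_flags;
- int plen, slen;
+ int plen, slen, ulen;
  u_int32_t rand = 0;
 
  /*
@@ -1139,11 +1139,8 @@ do_connection()
  packet_read_expect(&plen, SSH_CMSG_USER);
 
  /* Get the user name. */
- {
- int ulen;
- user = packet_get_string(&ulen);
- packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
- }
+ user = packet_get_string(&ulen);
+ packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
 
  /* Destroy the private and public keys. They will no longer be needed. */
  RSA_free(public_key);
@@ -1646,15 +1643,22 @@ do_fake_authloop(char *user)
 #ifdef SKEY
  int dlen;
  char *password, *skeyinfo;
- if (options.password_authentication &&
- options.skey_authentication == 1 &&
- type == SSH_CMSG_AUTH_PASSWORD &&
- (password = packet_get_string(&dlen)) != NULL &&
- dlen == 5 &&
- strncasecmp(password, "s/key", 5) == 0 &&
+ /* Try to send a fake s/key challenge. */
+ if (options.skey_authentication == 1 &&
  (skeyinfo = skey_fake_keyinfo(user)) != NULL) {
- /* Send a fake s/key challenge. */
- packet_send_debug(skeyinfo);
+ if (type == SSH_CMSG_AUTH_TIS) {
+ packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+ packet_put_string(skeyinfo, strlen(skeyinfo));
+ packet_send();
+ packet_write_wait();
+ continue;
+ } else if (type == SSH_CMSG_AUTH_PASSWORD &&
+ options.password_authentication &&
+ (password = packet_get_string(&dlen)) != NULL &&
+ dlen == 5 &&
+ strncasecmp(password, "s/key", 5) == 0 ) {
+ packet_send_debug(skeyinfo);
+ }
  }
 #endif
  if (attempt > AUTH_FAIL_MAX)
@@ -1836,7 +1840,7 @@ do_authenticated(struct passwd * pw)
  screen = packet_get_int();
  else
  screen = 0;
- display = x11_create_display_inet(screen);
+ display = x11_create_display_inet(screen, options.x11_display_offset);
  if (!display)
  goto fail;
 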
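Review bot: In do_fake_authloop() the new SSH_CMSG_AUTH_TIS branch ends in `continue`, which skips the `if (attempt > AUTH_FAIL_MAX)` test that follows `#endif`; the loop header is outside the hunk, so confirm that repeated TIS requests still count as attempts and still reach the limit. Moving that test above the `#ifdef SKEY` block would apply the limit to every packet type. The string returned by `packet_get_string(&dlen)` holds the client's password guess and is neither cleared nor freed in the visible lines; initialising `password = NULL` and ending the block with `if (password != NULL) { memset(password, 0, dlen); xfree(password); }` would follow the clear-then-free pattern mpaux.c uses on this page. Since this loop appears to exist so that unknown users are answered like real ones, the fake challenge path should also be compared with the real TIS path for any observable difference.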
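--- a/version.h
+++ b/version.h
@@ -1 +1 @@
-#define SSH_VERSION "OpenSSH-1.2"
+#define SSH_VERSION "OpenSSH-1.2.1"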