Diffstat (limited to 'sshconnect1.c')
-rw-r--r--sshconnect1.c61
1 files changed, 28 insertions, 33 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index e66f35040..8b577fb0a 100644
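--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.46 2001/12/28 13:57:33 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.47 2001/12/28 14:50:54 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -67,7 +67,6 @@ try_agent_authentication(void)
  AuthenticationConnection *auth;
  u_char response[16];
  u_int i;
- int plen;
  Key *key;
  BIGNUM *challenge;
 
@@ -94,7 +93,7 @@ try_agent_authentication(void)
  packet_write_wait();
 
  /* Wait for server's response. */
- type = packet_read(&plen);
+ type = packet_read();
 
  /* The server sends failure if it doesn\'t like our key or
  does not support RSA authentication. */
@@ -134,7 +133,7 @@ try_agent_authentication(void)
  packet_write_wait();
 
  /* Wait for response from the server. */
- type = packet_read(&plen);
+ type = packet_read();
 
  /* The server returns success if it accepted the authentication. */
  if (type == SSH_SMSG_SUCCESS) {
@@ -209,7 +208,7 @@ try_rsa_authentication(int idx)
  BIGNUM *challenge;
  Key *public, *private;
  char buf[300], *passphrase, *comment, *authfile;
- int i, type, quit, plen;
+ int i, type, quit;
 
  public = options.identity_keys[idx];
  authfile = options.identity_files[idx];
@@ -224,7 +223,7 @@ try_rsa_authentication(int idx)
  packet_write_wait();
 
  /* Wait for server's response. */
- type = packet_read(&plen);
+ type = packet_read();
 
  /*
  * The server responds with failure if it doesn\'t like our key or
@@ -291,7 +290,7 @@ try_rsa_authentication(int idx)
  packet_write_wait();
 
  /* Expect the server to reject it... */
- packet_read_expect(&plen, SSH_SMSG_FAILURE);
+ packet_read_expect(SSH_SMSG_FAILURE);
  BN_clear_free(challenge);
  return 0;
  }
@@ -307,7 +306,7 @@ try_rsa_authentication(int idx)
  BN_clear_free(challenge);
 
  /* Wait for response from the server. */
- type = packet_read(&plen);
+ type = packet_read();
  if (type == SSH_SMSG_SUCCESS) {
  debug("RSA authentication accepted by server.");
  return 1;
@@ -327,7 +326,6 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
 {
  int type;
  BIGNUM *challenge;
- int plen;
 
  debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
 
@@ -341,7 +339,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
  packet_write_wait();
 
  /* Wait for server's response. */
- type = packet_read(&plen);
+ type = packet_read();
 
  /* The server responds with failure if it doesn't admit our
  .rhosts authentication or doesn't know our host key. */
@@ -368,7 +366,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
  BN_clear_free(challenge);
 
  /* Wait for response from the server. */
- type = packet_read(&plen);
+ type = packet_read();
  if (type == SSH_SMSG_SUCCESS) {
  debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
  return 1;
@@ -388,7 +386,7 @@ try_krb4_authentication(void)
  char inst[INST_SZ];
  char *realm;
  CREDENTIALS cred;
- int r, type, plen;
+ int r, type;
  socklen_t slen;
  Key_schedule schedule;
  u_long checksum, cksum;
@@ -447,7 +445,7 @@ try_krb4_authentication(void)
  fatal_cleanup();
  }
  /* Get server reply. */
- type = packet_read(&plen);
+ type = packet_read();
  switch (type) {
  case SSH_SMSG_FAILURE:
  /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
@@ -509,7 +507,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
  krb5_ccache ccache = NULL;
  const char *remotehost;
  krb5_data ap;
- int type, payload_len;
+ int type;
  krb5_ap_rep_enc_part *reply = NULL;
  int ret;
 
@@ -559,7 +557,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
  xfree(ap.data);
  ap.length = 0;
 
- type = packet_read(&payload_len);
+ type = packet_read();
  switch (type) {
  case SSH_SMSG_FAILURE:
  /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
@@ -605,7 +603,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
 static void
 send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
 {
- int fd, type, payload_len;
+ int fd, type;
  krb5_error_code problem;
  krb5_data outbuf;
  krb5_ccache ccache = NULL;
@@ -655,7 +653,7 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
  packet_send();
  packet_write_wait();
 
- type = packet_read(&payload_len);
+ type = packet_read();
 
  if (type == SSH_SMSG_SUCCESS) {
  char *pname;
@@ -690,7 +688,7 @@ send_krb4_tgt(void)
  CREDENTIALS *creds;
  struct stat st;
  char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
- int problem, type, len;
+ int problem, type;
 
  /* Don't do anything if we don't have any tickets. */
  if (stat(tkt_string(), &st) < 0)
@@ -717,7 +715,7 @@ send_krb4_tgt(void)
  packet_send();
  packet_write_wait();
 
- type = packet_read(&len);
+ type = packet_read();
 
  if (type == SSH_SMSG_SUCCESS)
  debug("Kerberos v4 TGT forwarded (%s%s%s@%s).",
@@ -795,7 +793,7 @@ send_afs_tokens(void)
 
  /* Roger, Roger. Clearance, Clarence. What's your vector,
  Victor? */
- type = packet_read(&len);
+ type = packet_read();
 
  if (type == SSH_SMSG_FAILURE)
  debug("AFS token for cell %s rejected.", server_cell);
@@ -814,7 +812,6 @@ static int
 try_challenge_response_authentication(void)
 {
  int type, i;
- int payload_len;
  u_int clen;
  char prompt[1024];
  char *challenge, *response;
@@ -827,7 +824,7 @@ try_challenge_response_authentication(void)
  packet_send();
  packet_write_wait();
 
- type = packet_read(&payload_len);
+ type = packet_read();
  if (type != SSH_SMSG_FAILURE &&
  type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
  packet_disconnect("Protocol error: got %d in response "
@@ -858,7 +855,7 @@ try_challenge_response_authentication(void)
  xfree(response);
  packet_send();
  packet_write_wait();
- type = packet_read(&payload_len);
+ type = packet_read();
  if (type == SSH_SMSG_SUCCESS)
  return 1;
  if (type != SSH_SMSG_FAILURE)
@@ -875,7 +872,7 @@ try_challenge_response_authentication(void)
 static int
 try_password_authentication(char *prompt)
 {
- int type, i, payload_len;
+ int type, i;
  char *password;
 
  debug("Doing password authentication.");
@@ -892,7 +889,7 @@ try_password_authentication(char *prompt)
  packet_send();
  packet_write_wait();
 
- type = packet_read(&payload_len);
+ type = packet_read();
  if (type == SSH_SMSG_SUCCESS)
  return 1;
  if (type != SSH_SMSG_FAILURE)
@@ -917,13 +914,12 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
  u_char cookie[8];
  u_int supported_ciphers;
  u_int server_flags, client_flags;
- int payload_len;
  u_int32_t rand = 0;
 
  debug("Waiting for server public key.");
 
  /* Wait for a public key packet from the server. */
- packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
+ packet_read_expect(SSH_SMSG_PUBLIC_KEY);
 
  /* Get cookie from the packet. */
  for (i = 0; i < 8; i++)
@@ -1084,7 +1080,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
  * Expect a success message from the server. Note that this message
  * will be received in encrypted form.
  */
- packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
+ packet_read_expect(SSH_SMSG_SUCCESS);
 
  debug("Received encrypted confirmation.");
 }
@@ -1101,7 +1097,6 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
  krb5_auth_context auth_context = NULL;
 #endif
  int i, type;
- int payload_len;
 
  if (supported_authentications == 0)
  fatal("ssh_userauth1: server supports no auth methods");
@@ -1117,7 +1112,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
  * needed (the user has no password). Otherwise the server responds
  * with failure.
  */
- type = packet_read(&payload_len);
+ type = packet_read();
 
  /* check whether the connection was accepted without authentication. */
  if (type == SSH_SMSG_SUCCESS)
@@ -1131,7 +1126,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
  debug("Trying Kerberos v5 authentication.");
 
  if (try_krb5_authentication(&context, &auth_context)) {
- type = packet_read(&payload_len);
+ type = packet_read();
  if (type == SSH_SMSG_SUCCESS)
  goto success;
  if (type != SSH_SMSG_FAILURE)
@@ -1146,7 +1141,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
  debug("Trying Kerberos v4 authentication.");
 
  if (try_krb4_authentication()) {
- type = packet_read(&payload_len);
+ type = packet_read();
  if (type == SSH_SMSG_SUCCESS)
  goto success;
  if (type != SSH_SMSG_FAILURE)
@@ -1168,7 +1163,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
  packet_write_wait();
 
  /* The server should respond with success or failure. */
- type = packet_read(&payload_len);
+ type = packet_read();
  if (type == SSH_SMSG_SUCCESS)
  goto success;
  if (type != SSH_SMSG_FAILURE)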
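Review bot: Once the length out-parameter is gone, the reply handlers in this section branch on `type` alone, so nothing visible here would notice trailing bytes on a reply that should carry no payload. This shows in try_password_authentication, in the second read of try_challenge_response_authentication, and in the success/failure reads of ssh_userauth1. Unless the packet layer already rejects unconsumed payload, I would add an end-of-message check on those paths, for example `packet_check_eom();` right after `type = packet_read();` where SSH_SMSG_SUCCESS or SSH_SMSG_FAILURE is expected (assuming that helper is available at this revision). Failing that, a one-line comment such as `/* reply length is validated by the packet layer, not here */` at the first read in each function would record where the invariant now lives. Most of these functions begin and end outside the visible hunks, so an existing check may simply not be shown. The same question applies to the other `packet_read()` sites in the agent, RSA, rhosts-RSA and Kerberos handlers.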