Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 61 |
1 files changed, 28 insertions, 33 deletions
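--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.46 2001/12/28 13:57:33 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.47 2001/12/28 14:50:54 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -67,7 +67,6 @@ try_agent_authentication(void)
 AuthenticationConnection *auth;
 u_char response[16];
 u_int i;
-int plen;
 Key *key;
 BIGNUM *challenge;
 
@@ -94,7 +93,7 @@ try_agent_authentication(void)
 packet_write_wait();
 
 /* Wait for server's response. */
-type = packet_read(&plen);
+type = packet_read();
 
 /* The server sends failure if it doesn\'t like our key or
 does not support RSA authentication. */
@@ -134,7 +133,7 @@ try_agent_authentication(void)
 packet_write_wait();
 
 /* Wait for response from the server. */
-type = packet_read(&plen);
+type = packet_read();
 
 /* The server returns success if it accepted the authentication. */
 if (type == SSH_SMSG_SUCCESS) {
@@ -209,7 +208,7 @@ try_rsa_authentication(int idx)
 BIGNUM *challenge;
 Key *public, *private;
 char buf[300], *passphrase, *comment, *authfile;
-int i, type, quit, plen;
+int i, type, quit;
 
 public = options.identity_keys[idx];
 authfile = options.identity_files[idx];
@@ -224,7 +223,7 @@ try_rsa_authentication(int idx)
 packet_write_wait();
 
 /* Wait for server's response. */
-type = packet_read(&plen);
+type = packet_read();
 
 /*
 * The server responds with failure if it doesn\'t like our key or
@@ -291,7 +290,7 @@ try_rsa_authentication(int idx)
 packet_write_wait();
 
 /* Expect the server to reject it... */
-packet_read_expect(&plen, SSH_SMSG_FAILURE);
+packet_read_expect(SSH_SMSG_FAILURE);
 BN_clear_free(challenge);
 return 0;
 }
@@ -307,7 +306,7 @@ try_rsa_authentication(int idx)
 BN_clear_free(challenge);
 
 /* Wait for response from the server. */
-type = packet_read(&plen);
+type = packet_read();
 if (type == SSH_SMSG_SUCCESS) {
 debug("RSA authentication accepted by server.");
 return 1;
@@ -327,7 +326,6 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
 {
 int type;
 BIGNUM *challenge;
-int plen;
 
 debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
 
@@ -341,7 +339,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
 packet_write_wait();
 
 /* Wait for server's response. */
-type = packet_read(&plen);
+type = packet_read();
 
 /* The server responds with failure if it doesn't admit our
 .rhosts authentication or doesn't know our host key. */
@@ -368,7 +366,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
 BN_clear_free(challenge);
 
 /* Wait for response from the server. */
-type = packet_read(&plen);
+type = packet_read();
 if (type == SSH_SMSG_SUCCESS) {
 debug("Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.");
 return 1;
@@ -388,7 +386,7 @@ try_krb4_authentication(void)
 char inst[INST_SZ];
 char *realm;
 CREDENTIALS cred;
-int r, type, plen;
+int r, type;
 socklen_t slen;
 Key_schedule schedule;
 u_long checksum, cksum;
@@ -447,7 +445,7 @@ try_krb4_authentication(void)
 fatal_cleanup();
 }
 /* Get server reply. */
-type = packet_read(&plen);
+type = packet_read();
 switch (type) {
 case SSH_SMSG_FAILURE:
 /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
@@ -509,7 +507,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
 krb5_ccache ccache = NULL;
 const char *remotehost;
 krb5_data ap;
-int type, payload_len;
+int type;
 krb5_ap_rep_enc_part *reply = NULL;
 int ret;
 
@@ -559,7 +557,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
 xfree(ap.data);
 ap.length = 0;
 
-type = packet_read(&payload_len);
+type = packet_read();
 switch (type) {
 case SSH_SMSG_FAILURE:
 /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
@@ -605,7 +603,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
 static void
 send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
 {
-int fd, type, payload_len;
+int fd, type;
 krb5_error_code problem;
 krb5_data outbuf;
 krb5_ccache ccache = NULL;
@@ -655,7 +653,7 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
 packet_send();
 packet_write_wait();
 
-type = packet_read(&payload_len);
+type = packet_read();
 
 if (type == SSH_SMSG_SUCCESS) {
 char *pname;
@@ -690,7 +688,7 @@ send_krb4_tgt(void)
 CREDENTIALS *creds;
 struct stat st;
 char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-int problem, type, len;
+int problem, type;
 
 /* Don't do anything if we don't have any tickets. */
 if (stat(tkt_string(), &st) < 0)
@@ -717,7 +715,7 @@ send_krb4_tgt(void)
 packet_send();
 packet_write_wait();
 
-type = packet_read(&len);
+type = packet_read();
 
 if (type == SSH_SMSG_SUCCESS)
 debug("Kerberos v4 TGT forwarded (%s%s%s@%s).",
@@ -795,7 +793,7 @@ send_afs_tokens(void)
 
 /* Roger, Roger. Clearance, Clarence. What's your vector,
 Victor? */
-type = packet_read(&len);
+type = packet_read();
 
 if (type == SSH_SMSG_FAILURE)
 debug("AFS token for cell %s rejected.", server_cell);
@@ -814,7 +812,6 @@ static int
 try_challenge_response_authentication(void)
 {
 int type, i;
-int payload_len;
 u_int clen;
 char prompt[1024];
 char *challenge, *response;
@@ -827,7 +824,7 @@ try_challenge_response_authentication(void)
 packet_send();
 packet_write_wait();
 
-type = packet_read(&payload_len);
+type = packet_read();
 if (type != SSH_SMSG_FAILURE &&
 type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
 packet_disconnect("Protocol error: got %d in response "
@@ -858,7 +855,7 @@ try_challenge_response_authentication(void)
 xfree(response);
 packet_send();
 packet_write_wait();
-type = packet_read(&payload_len);
+type = packet_read();
 if (type == SSH_SMSG_SUCCESS)
 return 1;
 if (type != SSH_SMSG_FAILURE)
@@ -875,7 +872,7 @@ try_challenge_response_authentication(void)
 static int
 try_password_authentication(char *prompt)
 {
-int type, i, payload_len;
+int type, i;
 char *password;
 
 debug("Doing password authentication.");
@@ -892,7 +889,7 @@ try_password_authentication(char *prompt)
 packet_send();
 packet_write_wait();
 
-type = packet_read(&payload_len);
+type = packet_read();
 if (type == SSH_SMSG_SUCCESS)
 return 1;
 if (type != SSH_SMSG_FAILURE)
@@ -917,13 +914,12 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 u_char cookie[8];
 u_int supported_ciphers;
 u_int server_flags, client_flags;
-int payload_len;
 u_int32_t rand = 0;
 
 debug("Waiting for server public key.");
 
 /* Wait for a public key packet from the server. */
-packet_read_expect(&payload_len, SSH_SMSG_PUBLIC_KEY);
+packet_read_expect(SSH_SMSG_PUBLIC_KEY);
 
 /* Get cookie from the packet. */
 for (i = 0; i < 8; i++)
@@ -1084,7 +1080,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 * Expect a success message from the server. Note that this message
 * will be received in encrypted form.
 */
-packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
+packet_read_expect(SSH_SMSG_SUCCESS);
 
 debug("Received encrypted confirmation.");
 }
@@ -1101,7 +1097,6 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 krb5_auth_context auth_context = NULL;
 #endif
 int i, type;
-int payload_len;
 
 if (supported_authentications == 0)
 fatal("ssh_userauth1: server supports no auth methods");
@@ -1117,7 +1112,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 * needed (the user has no password). Otherwise the server responds
 * with failure.
 */
-type = packet_read(&payload_len);
+type = packet_read();
 
 /* check whether the connection was accepted without authentication. */
 if (type == SSH_SMSG_SUCCESS)
@@ -1131,7 +1126,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 debug("Trying Kerberos v5 authentication.");
 
 if (try_krb5_authentication(&context, &auth_context)) {
-type = packet_read(&payload_len);
+type = packet_read();
 if (type == SSH_SMSG_SUCCESS)
 goto success;
 if (type != SSH_SMSG_FAILURE)
@@ -1146,7 +1141,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 debug("Trying Kerberos v4 authentication.");
 
 if (try_krb4_authentication()) {
-type = packet_read(&payload_len);
+type = packet_read();
 if (type == SSH_SMSG_SUCCESS)
 goto success;
 if (type != SSH_SMSG_FAILURE)
@@ -1168,7 +1163,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 packet_write_wait();
 
 /* The server should respond with success or failure. */
-type = packet_read(&payload_len);
+type = packet_read();
 if (type == SSH_SMSG_SUCCESS)
 goto success;
 if (type != SSH_SMSG_FAILURE)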
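Review bot: In try_password_authentication, try_challenge_response_authentication and ssh_userauth1 the server's reply is accepted on its type alone (`type = packet_read();` followed by `if (type == SSH_SMSG_SUCCESS) return 1;` or `goto success;`), and nothing visible in these hunks confirms that the SUCCESS or FAILURE packet carries no trailing payload. Now that packet_read() and packet_read_expect() no longer hand back a length, callers cannot see the payload size at all, so that strictness has to come from an explicit end-of-packet check in the SUCCESS and FAILURE branches. If packet.h at this revision provides `packet_done()`, calling it there would disconnect on a malformed reply instead of silently ignoring the extra bytes. The same question applies to `packet_read_expect(SSH_SMSG_SUCCESS);` at the end of ssh_kex. All of these functions begin or end outside the hunks shown, so a check may already exist in code not visible here.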