diff options
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 703d0721f..1f92f0296 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.112 2003/03/05 22:33:43 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "ssh.h" | 28 | #include "ssh.h" |
| 29 | #include "ssh2.h" | 29 | #include "ssh2.h" |
| @@ -110,6 +110,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
| 110 | 110 | ||
| 111 | /* start key exchange */ | 111 | /* start key exchange */ |
| 112 | kex = kex_setup(myproposal); | 112 | kex = kex_setup(myproposal); |
| 113 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; | ||
| 114 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | ||
| 113 | kex->client_version_string=client_version_string; | 115 | kex->client_version_string=client_version_string; |
| 114 | kex->server_version_string=server_version_string; | 116 | kex->server_version_string=server_version_string; |
| 115 | kex->verify_host_key=&verify_host_key_callback; | 117 | kex->verify_host_key=&verify_host_key_callback; |
| @@ -128,7 +130,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
| 128 | packet_send(); | 130 | packet_send(); |
| 129 | packet_write_wait(); | 131 | packet_write_wait(); |
| 130 | #endif | 132 | #endif |
| 131 | debug("done: ssh_kex2."); | ||
| 132 | } | 133 | } |
| 133 | 134 | ||
| 134 | /* | 135 | /* |
| @@ -224,24 +225,23 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
| 224 | if (options.challenge_response_authentication) | 225 | if (options.challenge_response_authentication) |
| 225 | options.kbd_interactive_authentication = 1; | 226 | options.kbd_interactive_authentication = 1; |
| 226 | 227 | ||
| 227 | debug("send SSH2_MSG_SERVICE_REQUEST"); | ||
| 228 | packet_start(SSH2_MSG_SERVICE_REQUEST); | 228 | packet_start(SSH2_MSG_SERVICE_REQUEST); |
| 229 | packet_put_cstring("ssh-userauth"); | 229 | packet_put_cstring("ssh-userauth"); |
| 230 | packet_send(); | 230 | packet_send(); |
| 231 | debug("SSH2_MSG_SERVICE_REQUEST sent"); | ||
| 231 | packet_write_wait(); | 232 | packet_write_wait(); |
| 232 | type = packet_read(); | 233 | type = packet_read(); |
| 233 | if (type != SSH2_MSG_SERVICE_ACCEPT) { | 234 | if (type != SSH2_MSG_SERVICE_ACCEPT) |
| 234 | fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); | 235 | fatal("Server denied authentication request: %d", type); |
| 235 | } | ||
| 236 | if (packet_remaining() > 0) { | 236 | if (packet_remaining() > 0) { |
| 237 | char *reply = packet_get_string(NULL); | 237 | char *reply = packet_get_string(NULL); |
| 238 | debug("service_accept: %s", reply); | 238 | debug2("service_accept: %s", reply); |
| 239 | xfree(reply); | 239 | xfree(reply); |
| 240 | } else { | 240 | } else { |
| 241 | debug("buggy server: service_accept w/o service"); | 241 | debug2("buggy server: service_accept w/o service"); |
| 242 | } | 242 | } |
| 243 | packet_check_eom(); | 243 | packet_check_eom(); |
| 244 | debug("got SSH2_MSG_SERVICE_ACCEPT"); | 244 | debug("SSH2_MSG_SERVICE_ACCEPT received"); |
| 245 | 245 | ||
| 246 | if (options.preferred_authentications == NULL) | 246 | if (options.preferred_authentications == NULL) |
| 247 | options.preferred_authentications = authmethods_get(); | 247 | options.preferred_authentications = authmethods_get(); |
| @@ -273,7 +273,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
| 273 | if (authctxt.agent != NULL) | 273 | if (authctxt.agent != NULL) |
| 274 | ssh_close_authentication_connection(authctxt.agent); | 274 | ssh_close_authentication_connection(authctxt.agent); |
| 275 | 275 | ||
| 276 | debug("ssh-userauth2 successful: method %s", authctxt.method->name); | 276 | debug("Authentication succeeded (%s).", authctxt.method->name); |
| 277 | } | 277 | } |
| 278 | void | 278 | void |
| 279 | userauth(Authctxt *authctxt, char *authlist) | 279 | userauth(Authctxt *authctxt, char *authlist) |
| @@ -347,7 +347,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) | |||
| 347 | 347 | ||
| 348 | if (partial != 0) | 348 | if (partial != 0) |
| 349 | log("Authenticated with partial success."); | 349 | log("Authenticated with partial success."); |
| 350 | debug("authentications that can continue: %s", authlist); | 350 | debug("Authentications that can continue: %s", authlist); |
| 351 | 351 | ||
| 352 | clear_auth_state(authctxt); | 352 | clear_auth_state(authctxt); |
| 353 | userauth(authctxt, authlist); | 353 | userauth(authctxt, authlist); |
| @@ -379,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
| 379 | } | 379 | } |
| 380 | packet_check_eom(); | 380 | packet_check_eom(); |
| 381 | 381 | ||
| 382 | debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d", | 382 | debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d", |
| 383 | pkalg, blen, authctxt->last_key, authctxt->last_key_hint); | 383 | pkalg, blen, authctxt->last_key, authctxt->last_key_hint); |
| 384 | 384 | ||
| 385 | do { | 385 | do { |
| @@ -764,7 +764,7 @@ userauth_pubkey_agent(Authctxt *authctxt) | |||
| 764 | if (k == NULL) { | 764 | if (k == NULL) { |
| 765 | debug2("userauth_pubkey_agent: no more keys"); | 765 | debug2("userauth_pubkey_agent: no more keys"); |
| 766 | } else { | 766 | } else { |
| 767 | debug("userauth_pubkey_agent: testing agent key %s", comment); | 767 | debug("Offering agent key: %s", comment); |
| 768 | xfree(comment); | 768 | xfree(comment); |
| 769 | ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1); | 769 | ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1); |
| 770 | if (ret == 0) | 770 | if (ret == 0) |
| @@ -792,7 +792,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 792 | key = options.identity_keys[idx]; | 792 | key = options.identity_keys[idx]; |
| 793 | filename = options.identity_files[idx]; | 793 | filename = options.identity_files[idx]; |
| 794 | if (key == NULL) { | 794 | if (key == NULL) { |
| 795 | debug("try privkey: %s", filename); | 795 | debug("Trying private key: %s", filename); |
| 796 | key = load_identity_file(filename); | 796 | key = load_identity_file(filename); |
| 797 | if (key != NULL) { | 797 | if (key != NULL) { |
| 798 | sent = sign_and_send_pubkey(authctxt, key, | 798 | sent = sign_and_send_pubkey(authctxt, key, |
| @@ -800,7 +800,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 800 | key_free(key); | 800 | key_free(key); |
| 801 | } | 801 | } |
| 802 | } else if (key->type != KEY_RSA1) { | 802 | } else if (key->type != KEY_RSA1) { |
| 803 | debug("try pubkey: %s", filename); | 803 | debug("Offering public key: %s", filename); |
| 804 | sent = send_pubkey_test(authctxt, key, | 804 | sent = send_pubkey_test(authctxt, key, |
| 805 | identity_sign_cb, idx); | 805 | identity_sign_cb, idx); |
| 806 | } | 806 | } |
| @@ -906,7 +906,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, | |||
| 906 | pid_t pid; | 906 | pid_t pid; |
| 907 | int to[2], from[2], status, version = 2; | 907 | int to[2], from[2], status, version = 2; |
| 908 | 908 | ||
| 909 | debug("ssh_keysign called"); | 909 | debug2("ssh_keysign called"); |
| 910 | 910 | ||
| 911 | if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { | 911 | if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { |
| 912 | error("ssh_keysign: no installed: %s", strerror(errno)); | 912 | error("ssh_keysign: no installed: %s", strerror(errno)); |
| @@ -995,7 +995,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 995 | } | 995 | } |
| 996 | } | 996 | } |
| 997 | if (!found) { | 997 | if (!found) { |
| 998 | debug("userauth_hostbased: no more client hostkeys"); | 998 | debug("No more client hostkeys for hostbased authentication."); |
| 999 | return 0; | 999 | return 0; |
| 1000 | } | 1000 | } |
| 1001 | if (key_to_blob(private, &blob, &blen) == 0) { | 1001 | if (key_to_blob(private, &blob, &blen) == 0) { |
| @@ -1014,6 +1014,7 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 1014 | strlcpy(chost, p, len); | 1014 | strlcpy(chost, p, len); |
| 1015 | strlcat(chost, ".", len); | 1015 | strlcat(chost, ".", len); |
| 1016 | debug2("userauth_hostbased: chost %s", chost); | 1016 | debug2("userauth_hostbased: chost %s", chost); |
| 1017 | xfree(p); | ||
| 1017 | 1018 | ||
| 1018 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | 1019 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : |
| 1019 | authctxt->service; | 1020 | authctxt->service; |
| @@ -1109,7 +1110,6 @@ static char *preferred = NULL; | |||
| 1109 | static Authmethod * | 1110 | static Authmethod * |
| 1110 | authmethod_get(char *authlist) | 1111 | authmethod_get(char *authlist) |
| 1111 | { | 1112 | { |
| 1112 | |||
| 1113 | char *name = NULL; | 1113 | char *name = NULL; |
| 1114 | u_int next; | 1114 | u_int next; |
| 1115 | 1115 | ||
| @@ -1130,7 +1130,7 @@ authmethod_get(char *authlist) | |||
| 1130 | 1130 | ||
| 1131 | for (;;) { | 1131 | for (;;) { |
| 1132 | if ((name = match_list(preferred, supported, &next)) == NULL) { | 1132 | if ((name = match_list(preferred, supported, &next)) == NULL) { |
| 1133 | debug("no more auth methods to try"); | 1133 | debug("No more authentication methods to try."); |
| 1134 | current = NULL; | 1134 | current = NULL; |
| 1135 | return NULL; | 1135 | return NULL; |
| 1136 | } | 1136 | } |
| @@ -1140,7 +1140,7 @@ authmethod_get(char *authlist) | |||
| 1140 | if ((current = authmethod_lookup(name)) != NULL && | 1140 | if ((current = authmethod_lookup(name)) != NULL && |
| 1141 | authmethod_is_enabled(current)) { | 1141 | authmethod_is_enabled(current)) { |
| 1142 | debug3("authmethod_is_enabled %s", name); | 1142 | debug3("authmethod_is_enabled %s", name); |
| 1143 | debug("next auth method to try is %s", name); | 1143 | debug("Next authentication method: %s", name); |
| 1144 | return current; | 1144 | return current; |
| 1145 | } | 1145 | } |
| 1146 | } | 1146 | } |