Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/auth-rh-rsa.c4
-rw-r--r--usr.bin/ssh/auth-rhosts.c13
-rw-r--r--usr.bin/ssh/auth-rsa.c8
-rw-r--r--usr.bin/ssh/channels.c3
-rw-r--r--usr.bin/ssh/clientloop.c6
-rw-r--r--usr.bin/ssh/ssh.c4
-rw-r--r--usr.bin/ssh/ssh.h122
-rw-r--r--usr.bin/ssh/sshconnect.c101
-rw-r--r--usr.bin/ssh/sshd.c7
9 files changed, 131 insertions, 137 deletions
diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c
index 7da5192143f..2c3757ed312 100644
--- a/usr.bin/ssh/auth-rh-rsa.c
+++ b/usr.bin/ssh/auth-rh-rsa.c
@@ -15,7 +15,7 @@ authentication.
*/
#include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.4 1999/11/11 22:58:38 markus Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.5 1999/11/11 23:36:52 markus Exp $");
#include "packet.h"
#include "ssh.h"
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
debug("Trying rhosts with RSA host authentication for %.100s", client_user);
/* Check if we would accept it using rhosts authentication. */
- if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
+ if (!auth_rhosts(pw, client_user))
return 0;
canonical_hostname = get_canonical_hostname();
diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c
index 8038ce87a59..4c14252e239 100644
--- a/usr.bin/ssh/auth-rhosts.c
+++ b/usr.bin/ssh/auth-rhosts.c
@@ -16,12 +16,13 @@ the login based on rhosts authentication. This file also processes
*/
#include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.5 1999/10/03 20:09:18 deraadt Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.6 1999/11/11 23:36:52 markus Exp $");
#include "packet.h"
#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "servconf.h"
/* This function processes an rhosts-style file (.rhosts, .shosts, or
/etc/hosts.equiv). This returns true if authentication can be granted
@@ -155,9 +156,9 @@ int check_rhosts_file(const char *filename, const char *hostname,
true, only /etc/hosts.equiv will be considered (.rhosts and .shosts
are ignored). */
-int auth_rhosts(struct passwd *pw, const char *client_user,
- int ignore_rhosts, int strict_modes)
+int auth_rhosts(struct passwd *pw, const char *client_user)
{
+ extern ServerOptions options;
char buf[1024];
const char *hostname, *ipaddr;
int port;
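Review bot: The `extern ServerOptions options;` added inside auth_rhosts is a block-scope declaration, so no shared header lets the compiler check it against the real definition. The same pattern is added in auth_rsa, and with type `Options` in client_loop, try_rsa_authentication and ssh_login. Because channels.c now includes both readconf.h and servconf.h, a header-level declaration of `options` in each would probably clash there, so at minimum put a comment at each site, e.g. `/* process-wide configuration; defined outside this file, type must match the definition */`. With `ignore_rhosts` and `strict_modes` gone from the parameter list, the access-control policy is no longer visible in the signature, so the comment above the function should name the `options` fields it reads. The function body continues outside this hunk.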
@@ -234,7 +235,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
pw->pw_name, pw->pw_dir);
return 0;
}
- if (strict_modes &&
+ if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0))
{
@@ -261,7 +262,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
and make sure it is not writable by anyone but the owner. This is
to help avoid novices accidentally allowing access to their account
by anyone. */
- if (strict_modes &&
+ if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0))
{
@@ -273,7 +274,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
/* Check if we have been configured to ignore .rhosts and .shosts
files. */
- if (ignore_rhosts)
+ if (options.ignore_rhosts)
{
packet_send_debug("Server has been configured to ignore %.100s.",
rhosts_files[rhosts_file_index]);
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 3e47e9f2ac4..10786a8f5fc 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -16,7 +16,7 @@ validity of the host key.
*/
#include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.7 1999/11/02 19:42:34 markus Exp $");
+RCSID("$Id: auth-rsa.c,v 1.8 1999/11/11 23:36:52 markus Exp $");
#include "rsa.h"
#include "packet.h"
@@ -24,6 +24,7 @@ RCSID("$Id: auth-rsa.c,v 1.7 1999/11/02 19:42:34 markus Exp $");
#include "ssh.h"
#include "mpaux.h"
#include "uidswap.h"
+#include "servconf.h"
#include <ssl/rsa.h>
#include <ssl/md5.h>
@@ -128,8 +129,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
successful. This may exit if there is a serious protocol violation. */
int
-auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
+auth_rsa(struct passwd *pw, BIGNUM *client_n)
{
+ extern ServerOptions options;
char line[8192];
int authenticated;
unsigned int bits;
@@ -164,7 +166,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
return 0;
}
- if (strict_modes) {
+ if (options.strict_modes) {
int fail=0;
char buf[1024];
/* Check open file in order to avoid open/stat races */
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 25bba4a782f..a4af21cc150 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.19 1999/11/02 19:42:35 markus Exp $");
+RCSID("$Id: channels.c,v 1.20 1999/11/11 23:36:52 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -24,6 +24,7 @@ RCSID("$Id: channels.c,v 1.19 1999/11/02 19:42:35 markus Exp $");
#include "buffer.h"
#include "authfd.h"
#include "uidswap.h"
+#include "readconf.h"
#include "servconf.h"
#include "channels.h"
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 590179a7ab4..122b7fb0ca3 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -15,7 +15,7 @@ The main loop for the interactive session (client side).
*/
#include "includes.h"
-RCSID("$Id: clientloop.c,v 1.8 1999/11/10 23:36:43 markus Exp $");
+RCSID("$Id: clientloop.c,v 1.9 1999/11/11 23:36:53 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -24,9 +24,6 @@ RCSID("$Id: clientloop.c,v 1.8 1999/11/10 23:36:43 markus Exp $");
#include "authfd.h"
#include "readconf.h"
-/* Flag indicating whether quiet mode is on. */
-extern Options options;
-
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
@@ -764,6 +761,7 @@ void client_process_output(fd_set *writeset)
int client_loop(int have_pty, int escape_char_arg)
{
+ extern Options options;
double start_time, total_time;
int len;
char buf[100];
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 8cd6b7e3ab2..14cc02f7279 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.27 1999/11/10 23:36:44 markus Exp $");
+RCSID("$Id: ssh.c,v 1.28 1999/11/11 23:36:53 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -590,7 +590,7 @@ main(int ac, char **av)
/* Log into the remote system. This never returns if the login fails. */
ssh_login(host_private_key_loaded, host_private_key,
- host, &hostaddr, &options, original_real_uid);
+ host, &hostaddr, original_real_uid);
/* We no longer need the host private key. Clear it now. */
if (host_private_key_loaded)
diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h
index d6002aa11bd..3c9be45e506 100644
--- a/usr.bin/ssh/ssh.h
+++ b/usr.bin/ssh/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
*/
-/* RCSID("$Id: ssh.h,v 1.19 1999/11/11 22:58:38 markus Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.20 1999/11/11 23:36:53 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -204,60 +204,6 @@ only by root, whereas ssh_config should be world-readable. */
#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
-
-/*------------ Definitions for logging. -----------------------*/
-
-/* Supported syslog facilities and levels. */
-typedef enum
-{
- SYSLOG_FACILITY_DAEMON,
- SYSLOG_FACILITY_USER,
- SYSLOG_FACILITY_AUTH,
- SYSLOG_FACILITY_LOCAL0,
- SYSLOG_FACILITY_LOCAL1,
- SYSLOG_FACILITY_LOCAL2,
- SYSLOG_FACILITY_LOCAL3,
- SYSLOG_FACILITY_LOCAL4,
- SYSLOG_FACILITY_LOCAL5,
- SYSLOG_FACILITY_LOCAL6,
- SYSLOG_FACILITY_LOCAL7
-} SyslogFacility;
-
-typedef enum
-{
- SYSLOG_LEVEL_QUIET,
- SYSLOG_LEVEL_FATAL,
- SYSLOG_LEVEL_ERROR,
- SYSLOG_LEVEL_INFO,
- SYSLOG_LEVEL_CHAT,
- SYSLOG_LEVEL_DEBUG
-} LogLevel;
-
-/* Initializes logging. */
-void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
-
-/* Logging implementation, depending on server or client */
-void do_log(LogLevel level, const char *fmt, va_list args);
-
-/* Output a message to syslog or stderr */
-void fatal(const char *fmt, ...);
-void error(const char *fmt, ...);
-void log(const char *fmt, ...);
-void chat(const char *fmt, ...);
-void debug(const char *fmt, ...);
-
-/* same as fatal() but w/o logging */
-void fatal_cleanup(void);
-
-/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting.
- It is permissible to call fatal_remove_cleanup for the function itself
- from the function. */
-void fatal_add_cleanup(void (*proc)(void *context), void *context);
-
-/* Removes a cleanup function to be called at fatal(). */
-void fatal_remove_cleanup(void (*proc)(void *context), void *context);
-
-
/*------------ definitions for login.c -------------*/
/* Returns the time when the user last logged in. Returns 0 if the
@@ -297,21 +243,15 @@ int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
This initializes the random state, and leaves it initialized (it will also
have references from the packet module). */
-/* for Options */
-#include "readconf.h"
-
void ssh_login(int host_key_valid, RSA *host_key, const char *host,
- struct sockaddr_in *hostaddr, Options *options,
- uid_t original_real_uid);
+ struct sockaddr_in *hostaddr, uid_t original_real_uid);
/*------------ Definitions for various authentication methods. -------*/
/* Tries to authenticate the user using the .rhosts file. Returns true if
authentication succeeds. If ignore_rhosts is non-zero, this will not
- consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
- If strict_modes is true, checks ownership and modes of .rhosts/.shosts. */
-int auth_rhosts(struct passwd *pw, const char *client_user,
- int ignore_rhosts, int strict_modes);
+ consider .rhosts and .shosts (/etc/hosts.equiv will still be used). */
+int auth_rhosts(struct passwd *pw, const char *client_user);
/* Tries to authenticate the user using the .rhosts file and the host using
its host key. Returns true if authentication succeeds. */
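Review bot: The comment kept above the new `auth_rhosts` prototype still says "If ignore_rhosts is non-zero", but that parameter no longer exists, and the sentence about strict_modes was dropped even though the check is still performed. Reword it to name the configuration fields, e.g. `If options.ignore_rhosts is set, this will not consider .rhosts and .shosts (/etc/hosts.equiv will still be used). If options.strict_modes is set, ownership and modes of .rhosts/.shosts are checked.` Someone auditing which settings gate rhosts authentication would otherwise look for an argument that is not there.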
@@ -326,7 +266,7 @@ int auth_password(struct passwd *pw, const char *password);
/* Performs the RSA authentication dialog with the client. This returns
0 if the client could not be authenticated, and 1 if authentication was
successful. This may exit if there is a serious protocol violation. */
-int auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes);
+int auth_rsa(struct passwd *pw, BIGNUM *client_n);
/* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
over the key. Skips any whitespace at the beginning and at end. */
@@ -404,6 +344,58 @@ int load_public_key(const char *filename, RSA *pub,
int load_private_key(const char *filename, const char *passphrase,
RSA *private_key, char **comment_return);
+/*------------ Definitions for logging. -----------------------*/
+
+/* Supported syslog facilities and levels. */
+typedef enum
+{
+ SYSLOG_FACILITY_DAEMON,
+ SYSLOG_FACILITY_USER,
+ SYSLOG_FACILITY_AUTH,
+ SYSLOG_FACILITY_LOCAL0,
+ SYSLOG_FACILITY_LOCAL1,
+ SYSLOG_FACILITY_LOCAL2,
+ SYSLOG_FACILITY_LOCAL3,
+ SYSLOG_FACILITY_LOCAL4,
+ SYSLOG_FACILITY_LOCAL5,
+ SYSLOG_FACILITY_LOCAL6,
+ SYSLOG_FACILITY_LOCAL7
+} SyslogFacility;
+
+typedef enum
+{
+ SYSLOG_LEVEL_QUIET,
+ SYSLOG_LEVEL_FATAL,
+ SYSLOG_LEVEL_ERROR,
+ SYSLOG_LEVEL_INFO,
+ SYSLOG_LEVEL_CHAT,
+ SYSLOG_LEVEL_DEBUG
+} LogLevel;
+
+/* Initializes logging. */
+void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
+
+/* Logging implementation, depending on server or client */
+void do_log(LogLevel level, const char *fmt, va_list args);
+
+/* Output a message to syslog or stderr */
+void fatal(const char *fmt, ...);
+void error(const char *fmt, ...);
+void log(const char *fmt, ...);
+void chat(const char *fmt, ...);
+void debug(const char *fmt, ...);
+
+/* same as fatal() but w/o logging */
+void fatal_cleanup(void);
+
+/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting.
+ It is permissible to call fatal_remove_cleanup for the function itself
+ from the function. */
+void fatal_add_cleanup(void (*proc)(void *context), void *context);
+
+/* Removes a cleanup function to be called at fatal(). */
+void fatal_remove_cleanup(void (*proc)(void *context), void *context);
+
/*---------------- definitions for channels ------------------*/
/* Sets specific protocol options. */
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 5449bd21d0e..7a033e69098 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -15,7 +15,7 @@ login (authentication) dialog.
*/
#include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.26 1999/11/07 22:38:39 markus Exp $");
+RCSID("$Id: sshconnect.c,v 1.27 1999/11/11 23:36:53 markus Exp $");
#include <ssl/bn.h>
#include "xmalloc.h"
@@ -27,6 +27,7 @@ RCSID("$Id: sshconnect.c,v 1.26 1999/11/07 22:38:39 markus Exp $");
#include "mpaux.h"
#include "uidswap.h"
#include "compat.h"
+#include "readconf.h"
#include <ssl/md5.h>
@@ -478,9 +479,9 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
the user using it. */
int
-try_rsa_authentication(struct passwd *pw, const char *authfile,
- int may_ask_passphrase)
+try_rsa_authentication(struct passwd *pw, const char *authfile)
{
+ extern Options options;
BIGNUM *challenge;
RSA *private_key;
RSA *public_key;
@@ -542,7 +543,7 @@ try_rsa_authentication(struct passwd *pw, const char *authfile,
return. */
snprintf(buf, sizeof buf,
"Enter passphrase for RSA key '%.100s': ", comment);
- if (may_ask_passphrase)
+ if (!options.batch_mode)
passphrase = read_passphrase(buf, 0);
else
{
@@ -1006,8 +1007,9 @@ void ssh_login(int host_key_valid,
RSA *own_host_key,
const char *orighost,
struct sockaddr_in *hostaddr,
- Options *options, uid_t original_real_uid)
+ uid_t original_real_uid)
{
+ extern Options options;
int i, type;
char *password;
struct passwd *pw;
@@ -1027,7 +1029,7 @@ void ssh_login(int host_key_valid,
int payload_len, clen, sum_len = 0;
u_int32_t rand = 0;
- if (options->check_host_ip)
+ if (options.check_host_ip)
ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
/* Convert the user-supplied hostname into all lowercase. */
@@ -1048,7 +1050,7 @@ void ssh_login(int host_key_valid,
if (!pw)
fatal("User id %d not found from user database.", original_real_uid);
local_user = xstrdup(pw->pw_name);
- server_user = options->user ? options->user : local_user;
+ server_user = options.user ? options.user : local_user;
debug("Waiting for server public key.");
@@ -1124,12 +1126,12 @@ void ssh_login(int host_key_valid,
/* Check if the host key is present in the user\'s list of known hosts
or in the systemwide list. */
- host_status = check_host_in_hostfile(options->user_hostfile,
+ host_status = check_host_in_hostfile(options.user_hostfile,
host, BN_num_bits(host_key->n),
host_key->e, host_key->n,
file_key->e, file_key->n);
if (host_status == HOST_NEW)
- host_status = check_host_in_hostfile(options->system_hostfile, host,
+ host_status = check_host_in_hostfile(options.system_hostfile, host,
BN_num_bits(host_key->n),
host_key->e, host_key->n,
file_key->e, file_key->n);
@@ -1146,17 +1148,17 @@ void ssh_login(int host_key_valid,
/* Also perform check for the ip address, skip the check if we are
localhost or the hostname was an ip address to begin with */
- if (options->check_host_ip && !local && strcmp(host, ip)) {
+ if (options.check_host_ip && !local && strcmp(host, ip)) {
RSA *ip_key = RSA_new();
ip_key->n = BN_new();
ip_key->e = BN_new();
- ip_status = check_host_in_hostfile(options->user_hostfile, ip,
+ ip_status = check_host_in_hostfile(options.user_hostfile, ip,
BN_num_bits(host_key->n),
host_key->e, host_key->n,
ip_key->e, ip_key->n);
if (ip_status == HOST_NEW)
- ip_status = check_host_in_hostfile(options->system_hostfile, ip,
+ ip_status = check_host_in_hostfile(options.system_hostfile, ip,
BN_num_bits(host_key->n),
host_key->e, host_key->n,
ip_key->e, ip_key->n);
@@ -1175,13 +1177,13 @@ void ssh_login(int host_key_valid,
case HOST_OK:
/* The host is known and the key matches. */
debug("Host '%.200s' is known and matches the host key.", host);
- if (options->check_host_ip) {
+ if (options.check_host_ip) {
if (ip_status == HOST_NEW) {
- if (!add_host_to_hostfile(options->user_hostfile, ip,
+ if (!add_host_to_hostfile(options.user_hostfile, ip,
BN_num_bits(host_key->n),
host_key->e, host_key->n))
log("Failed to add the host ip to the list of known hosts (%.30s).",
- options->user_hostfile);
+ options.user_hostfile);
else
log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
} else if (ip_status != HOST_OK)
@@ -1193,12 +1195,12 @@ void ssh_login(int host_key_valid,
{
char hostline[1000], *hostp = hostline;
/* The host is new. */
- if (options->strict_host_key_checking == 1) {
+ if (options.strict_host_key_checking == 1) {
/* User has requested strict host key checking. We will not
add the host key automatically. The only alternative left
is to abort. */
fatal("No host key is known for %.200s and you have requested strict checking.", host);
- } else if (options->strict_host_key_checking == 2) { /* The default */
+ } else if (options.strict_host_key_checking == 2) { /* The default */
char prompt[1024];
snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s' can't be established.\n"
@@ -1208,25 +1210,25 @@ void ssh_login(int host_key_valid,
fatal("Aborted by user!\n");
}
- if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
+ if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
else
hostp = host;
/* If not in strict mode, add the key automatically to the local
known_hosts file. */
- if (!add_host_to_hostfile(options->user_hostfile, hostp,
+ if (!add_host_to_hostfile(options.user_hostfile, hostp,
BN_num_bits(host_key->n),
host_key->e, host_key->n))
log("Failed to add the host to the list of known hosts (%.500s).",
- options->user_hostfile);
+ options.user_hostfile);
else
log("Warning: Permanently added '%.200s' to the list of known hosts.",
hostp);
break;
}
case HOST_CHANGED:
- if (options->check_host_ip) {
+ if (options.check_host_ip) {
if (host_ip_differ) {
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
@@ -1248,23 +1250,23 @@ void ssh_login(int host_key_valid,
error("It is also possible that the host key has just been changed.");
error("Please contact your system administrator.");
error("Add correct host key in %.100s to get rid of this message.",
- options->user_hostfile);
+ options.user_hostfile);
/* If strict host key checking is in use, the user will have to edit
the key manually and we can only abort. */
- if (options->strict_host_key_checking)
+ if (options.strict_host_key_checking)
fatal("Host key for %.200s has changed and you have requested strict checking.", host);
/* If strict host key checking has not been requested, allow the
connection but without password authentication or
agent forwarding. */
- if (options->password_authentication) {
+ if (options.password_authentication) {
error("Password authentication is disabled to avoid trojan horses.");
- options->password_authentication = 0;
+ options.password_authentication = 0;
}
- if (options->forward_agent) {
+ if (options.forward_agent) {
error("Agent forwarding is disabled to avoid trojan horses.");
- options->forward_agent = 0;
+ options.forward_agent = 0;
}
/* XXX Should permit the user to change to use the new id. This could
be done by converting the host key to an identifying sentence, tell
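Review bot: The changed-host-key branch now assigns `options.password_authentication = 0` and `options.forward_agent = 0` directly on the process-wide client configuration, and with the `Options *options` parameter removed nothing in ssh_login's signature shows that it can modify configuration. Add a comment at the assignments, e.g. `/* deliberately downgrades the global client options for the rest of this session */`, and mention the side effect in the ssh_login comment in ssh.h. Only these two features are switched off in the visible lines. Whether other credential-bearing options should also be cleared after a key change should be checked against the rest of the function, which lies outside this hunk.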
@@ -1273,7 +1275,7 @@ void ssh_login(int host_key_valid,
break;
}
- if (options->check_host_ip)
+ if (options.check_host_ip)
xfree(ip);
/* Generate a session key. */
@@ -1336,27 +1338,27 @@ void ssh_login(int host_key_valid,
rsa_public_encrypt(key, key, public_key);
}
- if (options->cipher == SSH_CIPHER_NOT_SET) {
+ if (options.cipher == SSH_CIPHER_NOT_SET) {
if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
- options->cipher = ssh_cipher_default;
+ options.cipher = ssh_cipher_default;
else {
debug("Cipher %d not supported, using %.100s instead.",
cipher_name(ssh_cipher_default),
cipher_name(SSH_FALLBACK_CIPHER));
- options->cipher = SSH_FALLBACK_CIPHER;
+ options.cipher = SSH_FALLBACK_CIPHER;
}
}
/* Check that the selected cipher is supported. */
- if (!(supported_ciphers & (1 << options->cipher)))
+ if (!(supported_ciphers & (1 << options.cipher)))
fatal("Selected cipher type %.100s not supported by server.",
- cipher_name(options->cipher));
+ cipher_name(options.cipher));
- debug("Encryption type: %.100s", cipher_name(options->cipher));
+ debug("Encryption type: %.100s", cipher_name(options.cipher));
/* Send the encrypted session key to the server. */
packet_start(SSH_CMSG_SESSION_KEY);
- packet_put_char(options->cipher);
+ packet_put_char(options.cipher);
/* Send the check bytes back to the server. */
for (i = 0; i < 8; i++)
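Review bot: The `debug("Cipher %d not supported, using %.100s instead.", ...)` call in the fallback branch pairs `%d` with `cipher_name(ssh_cipher_default)`. Every other `cipher_name()` result in this hunk is printed with `%.100s`, so the argument is presumably a string and the conversion does not match it, which is undefined behaviour in a variadic call. Either print the name, `debug("Cipher %.100s not supported, using %.100s instead.",`, or pass `ssh_cipher_default` itself for the `%d`. Separately, `1 << options.cipher` assumes the configured value is a small non-negative index; confirm that a range check happens before this point, since the surrounding function is not fully visible here.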
@@ -1382,7 +1384,7 @@ void ssh_login(int host_key_valid,
/* Set the encryption key. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH,
- options->cipher, 1);
+ options.cipher, 1);
/* We will no longer need the session key here. Destroy any extra copies. */
memset(session_key, 0, sizeof(session_key));
@@ -1412,17 +1414,17 @@ void ssh_login(int host_key_valid,
#ifdef AFS
/* Try Kerberos tgt passing if the server supports it. */
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
- options->kerberos_tgt_passing)
+ options.kerberos_tgt_passing)
{
- if (options->cipher == SSH_CIPHER_NONE)
+ if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
(void)send_kerberos_tgt();
}
/* Try AFS token passing if the server supports it. */
if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
- options->afs_token_passing && k_hasafs()) {
- if (options->cipher == SSH_CIPHER_NONE)
+ options.afs_token_passing && k_hasafs()) {
+ if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
send_afs_tokens();
}
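Review bot: When `options.cipher == SSH_CIPHER_NONE`, both branches here only log a warning and then still call `send_kerberos_tgt()` or `send_afs_tokens()`, so the credential is passed over an unencrypted channel. The password hunk further down (`@@ -1484,23 +1486,22 @@`) has the same warn-and-continue shape before `read_passphrase()`. Refusing the transfer is safer than warning about it, for example `if (options.cipher == SSH_CIPHER_NONE) log("Encryption is disabled; not passing Kerberos ticket."); else (void)send_kerberos_tgt();`, with the same treatment for the AFS token and the password prompt. If sending in the clear must remain possible, it should sit behind an explicit option, not be the default behaviour.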
@@ -1430,7 +1432,7 @@ void ssh_login(int host_key_valid,
#ifdef KRB4
if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
- options->kerberos_authentication)
+ options.kerberos_authentication)
{
debug("Trying Kerberos authentication.");
if (try_kerberos_authentication()) {
@@ -1447,7 +1449,7 @@ void ssh_login(int host_key_valid,
/* Use rhosts authentication if running in privileged socket and we do not
wish to remain anonymous. */
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
- options->rhosts_authentication)
+ options.rhosts_authentication)
{
debug("Trying rhosts authentication.");
packet_start(SSH_CMSG_AUTH_RHOSTS);
@@ -1467,7 +1469,7 @@ void ssh_login(int host_key_valid,
/* Try .rhosts or /etc/hosts.equiv authentication with RSA host
authentication. */
if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
- options->rhosts_rsa_authentication && host_key_valid)
+ options.rhosts_rsa_authentication && host_key_valid)
{
if (try_rhosts_rsa_authentication(local_user, own_host_key))
return; /* Successful authentication. */
@@ -1475,7 +1477,7 @@ void ssh_login(int host_key_valid,
/* Try RSA authentication if the server supports it. */
if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
- options->rsa_authentication)
+ options.rsa_authentication)
{
/* Try RSA authentication using the authentication agent. The agent
is tried first because no passphrase is needed for it, whereas
@@ -1484,23 +1486,22 @@ void ssh_login(int host_key_valid,
return; /* Successful connection. */
/* Try RSA authentication for each identity. */
- for (i = 0; i < options->num_identity_files; i++)
- if (try_rsa_authentication(pw, options->identity_files[i],
- !options->batch_mode))
+ for (i = 0; i < options.num_identity_files; i++)
+ if (try_rsa_authentication(pw, options.identity_files[i]))
return; /* Successful connection. */
}
/* Try password authentication if the server supports it. */
if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
- options->password_authentication && !options->batch_mode)
+ options.password_authentication && !options.batch_mode)
{
char prompt[80];
snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
server_user, host);
debug("Doing password authentication.");
- if (options->cipher == SSH_CIPHER_NONE)
+ if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
- for (i = 0; i < options->number_of_password_prompts; i++) {
+ for (i = 0; i < options.number_of_password_prompts; i++) {
if (i != 0)
error("Permission denied, please try again.");
password = read_passphrase(prompt, 0);
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index d5e00c328c3..399eb6982b7 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.50 1999/11/11 22:58:39 markus Exp $");
+RCSID("$Id: sshd.c,v 1.51 1999/11/11 23:36:53 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -1207,8 +1207,7 @@ do_authentication(char *user, int privileged_port)
}
/* Try to authenticate using /etc/hosts.equiv and .rhosts. */
- if (auth_rhosts(pw, client_user, options.ignore_rhosts,
- options.strict_modes))
+ if (auth_rhosts(pw, client_user))
{
/* Authentication accepted. */
log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.",
@@ -1287,7 +1286,7 @@ do_authentication(char *user, int privileged_port)
packet_integrity_check(plen, nlen, type);
- if (auth_rsa(pw, n, options.strict_modes))
+ if (auth_rsa(pw, n))
{
/* Successful authentication. */
BN_clear_free(n);