version 1.62, 2005/10/30 08:52:18 |
version 1.62.2.2, 2006/11/08 00:17:14 |
|
|
|
/* $OpenBSD$ */ |
/* |
/* |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
|
|
* called by a name other than "ssh" or "Secure Shell". |
* called by a name other than "ssh" or "Secure Shell". |
*/ |
*/ |
|
|
#include "includes.h" |
#include <sys/types.h> |
RCSID("$OpenBSD$"); |
#include <sys/socket.h> |
|
|
#include <openssl/bn.h> |
#include <openssl/bn.h> |
#include <openssl/md5.h> |
#include <openssl/md5.h> |
|
|
|
#include <stdio.h> |
|
#include <stdlib.h> |
|
#include <string.h> |
|
#include <signal.h> |
|
#include <pwd.h> |
|
|
|
#include "xmalloc.h" |
#include "ssh.h" |
#include "ssh.h" |
#include "ssh1.h" |
#include "ssh1.h" |
#include "xmalloc.h" |
|
#include "rsa.h" |
#include "rsa.h" |
#include "buffer.h" |
#include "buffer.h" |
#include "packet.h" |
#include "packet.h" |
|
#include "key.h" |
|
#include "cipher.h" |
#include "kex.h" |
#include "kex.h" |
#include "uidswap.h" |
#include "uidswap.h" |
#include "log.h" |
#include "log.h" |
#include "readconf.h" |
#include "readconf.h" |
#include "key.h" |
|
#include "authfd.h" |
#include "authfd.h" |
#include "sshconnect.h" |
#include "sshconnect.h" |
#include "authfile.h" |
#include "authfile.h" |
#include "misc.h" |
#include "misc.h" |
#include "cipher.h" |
|
#include "canohost.h" |
#include "canohost.h" |
|
#include "hostfile.h" |
#include "auth.h" |
#include "auth.h" |
|
|
/* Session id for the current session. */ |
/* Session id for the current session. */ |
|
|
BIGNUM *challenge; |
BIGNUM *challenge; |
Key *public, *private; |
Key *public, *private; |
char buf[300], *passphrase, *comment, *authfile; |
char buf[300], *passphrase, *comment, *authfile; |
int i, type, quit; |
int i, perm_ok = 1, type, quit; |
|
|
public = options.identity_keys[idx]; |
public = options.identity_keys[idx]; |
authfile = options.identity_files[idx]; |
authfile = options.identity_files[idx]; |
|
|
if (public->flags & KEY_FLAG_EXT) |
if (public->flags & KEY_FLAG_EXT) |
private = public; |
private = public; |
else |
else |
private = key_load_private_type(KEY_RSA1, authfile, "", NULL); |
private = key_load_private_type(KEY_RSA1, authfile, "", NULL, |
if (private == NULL && !options.batch_mode) { |
&perm_ok); |
|
if (private == NULL && !options.batch_mode && perm_ok) { |
snprintf(buf, sizeof(buf), |
snprintf(buf, sizeof(buf), |
"Enter passphrase for RSA key '%.100s': ", comment); |
"Enter passphrase for RSA key '%.100s': ", comment); |
for (i = 0; i < options.number_of_password_prompts; i++) { |
for (i = 0; i < options.number_of_password_prompts; i++) { |
passphrase = read_passphrase(buf, 0); |
passphrase = read_passphrase(buf, 0); |
if (strcmp(passphrase, "") != 0) { |
if (strcmp(passphrase, "") != 0) { |
private = key_load_private_type(KEY_RSA1, |
private = key_load_private_type(KEY_RSA1, |
authfile, passphrase, NULL); |
authfile, passphrase, NULL, NULL); |
quit = 0; |
quit = 0; |
} else { |
} else { |
debug2("no passphrase given, try next key"); |
debug2("no passphrase given, try next key"); |
|
|
xfree(comment); |
xfree(comment); |
|
|
if (private == NULL) { |
if (private == NULL) { |
if (!options.batch_mode) |
if (!options.batch_mode && perm_ok) |
error("Bad passphrase."); |
error("Bad passphrase."); |
|
|
/* Send a dummy response packet to avoid protocol error. */ |
/* Send a dummy response packet to avoid protocol error. */ |
|
|
* the first 16 bytes of the session id. |
* the first 16 bytes of the session id. |
*/ |
*/ |
if ((key = BN_new()) == NULL) |
if ((key = BN_new()) == NULL) |
fatal("respond_to_rsa_challenge: BN_new failed"); |
fatal("ssh_kex: BN_new failed"); |
BN_set_word(key, 0); |
if (BN_set_word(key, 0) == 0) |
|
fatal("ssh_kex: BN_set_word failed"); |
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
BN_lshift(key, key, 8); |
if (BN_lshift(key, key, 8) == 0) |
if (i < 16) |
fatal("ssh_kex: BN_lshift failed"); |
BN_add_word(key, session_key[i] ^ session_id[i]); |
if (i < 16) { |
else |
if (BN_add_word(key, session_key[i] ^ session_id[i]) |
BN_add_word(key, session_key[i]); |
== 0) |
|
fatal("ssh_kex: BN_add_word failed"); |
|
} else { |
|
if (BN_add_word(key, session_key[i]) == 0) |
|
fatal("ssh_kex: BN_add_word failed"); |
|
} |
} |
} |
|
|
/* |
/* |