===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.107
retrieving revision 1.107.2.1
diff -u -r1.107 -r1.107.2.1
--- src/usr.bin/ssh/sshconnect2.c	2002/07/01 19:48:46	1.107
+++ src/usr.bin/ssh/sshconnect2.c	2003/04/01 00:12:14	1.107.2.1
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.107.2.1 2003/04/01 00:12:14 margarida Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -110,6 +110,8 @@
 
 	/* start key exchange */
 	kex = kex_setup(myproposal);
+	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;
 	kex->verify_host_key=&verify_host_key_callback;
@@ -128,7 +130,6 @@
 	packet_send();
 	packet_write_wait();
 #endif
-	debug("done: ssh_kex2.");
 }
 
 /*
@@ -224,24 +225,23 @@
 	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 
-	debug("send SSH2_MSG_SERVICE_REQUEST");
 	packet_start(SSH2_MSG_SERVICE_REQUEST);
 	packet_put_cstring("ssh-userauth");
 	packet_send();
+	debug("SSH2_MSG_SERVICE_REQUEST sent");
 	packet_write_wait();
 	type = packet_read();
-	if (type != SSH2_MSG_SERVICE_ACCEPT) {
-		fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
-	}
+	if (type != SSH2_MSG_SERVICE_ACCEPT)
+		fatal("Server denied authentication request: %d", type);
 	if (packet_remaining() > 0) {
 		char *reply = packet_get_string(NULL);
-		debug("service_accept: %s", reply);
+		debug2("service_accept: %s", reply);
 		xfree(reply);
 	} else {
-		debug("buggy server: service_accept w/o service");
+		debug2("buggy server: service_accept w/o service");
 	}
 	packet_check_eom();
-	debug("got SSH2_MSG_SERVICE_ACCEPT");
+	debug("SSH2_MSG_SERVICE_ACCEPT received");
 
 	if (options.preferred_authentications == NULL)
 		options.preferred_authentications = authmethods_get();
@@ -273,7 +273,7 @@
 	if (authctxt.agent != NULL)
 		ssh_close_authentication_connection(authctxt.agent);
 
-	debug("ssh-userauth2 successful: method %s", authctxt.method->name);
+	debug("Authentication succeeded (%s).", authctxt.method->name);
 }
 void
 userauth(Authctxt *authctxt, char *authlist)
@@ -347,7 +347,7 @@
 
 	if (partial != 0)
 		log("Authenticated with partial success.");
-	debug("authentications that can continue: %s", authlist);
+	debug("Authentications that can continue: %s", authlist);
 
 	clear_auth_state(authctxt);
 	userauth(authctxt, authlist);
@@ -379,7 +379,7 @@
 	}
 	packet_check_eom();
 
-	debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
+	debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d",
 	    pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
 
 	do {
@@ -764,7 +764,7 @@
 	if (k == NULL) {
 		debug2("userauth_pubkey_agent: no more keys");
 	} else {
-		debug("userauth_pubkey_agent: testing agent key %s", comment);
+		debug("Offering agent key: %s", comment);
 		xfree(comment);
 		ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
 		if (ret == 0)
@@ -792,7 +792,7 @@
 		key = options.identity_keys[idx];
 		filename = options.identity_files[idx];
 		if (key == NULL) {
-			debug("try privkey: %s", filename);
+			debug("Trying private key: %s", filename);
 			key = load_identity_file(filename);
 			if (key != NULL) {
 				sent = sign_and_send_pubkey(authctxt, key,
@@ -800,7 +800,7 @@
 				key_free(key);
 			}
 		} else if (key->type != KEY_RSA1) {
-			debug("try pubkey: %s", filename);
+			debug("Offering public key: %s", filename);
 			sent = send_pubkey_test(authctxt, key,
 			    identity_sign_cb, idx);
 		}
@@ -906,7 +906,7 @@
 	pid_t pid;
 	int to[2], from[2], status, version = 2;
 
-	debug("ssh_keysign called");
+	debug2("ssh_keysign called");
 
 	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
 		error("ssh_keysign: no installed: %s", strerror(errno));
@@ -947,9 +947,9 @@
 	buffer_init(&b);
 	buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
 	buffer_put_string(&b, data, datalen);
-	msg_send(to[1], version, &b);
+	ssh_msg_send(to[1], version, &b);
 
-	if (msg_recv(from[0], &b) < 0) {
+	if (ssh_msg_recv(from[0], &b) < 0) {
 		error("ssh_keysign: no reply");
 		buffer_clear(&b);
 		return -1;
@@ -995,7 +995,7 @@
 		}
 	}
 	if (!found) {
-		debug("userauth_hostbased: no more client hostkeys");
+		debug("No more client hostkeys for hostbased authentication.");
 		return 0;
 	}
 	if (key_to_blob(private, &blob, &blen) == 0) {
@@ -1014,6 +1014,7 @@
 	strlcpy(chost, p, len);
 	strlcat(chost, ".", len);
 	debug2("userauth_hostbased: chost %s", chost);
+	xfree(p);
 
 	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
 	    authctxt->service;
@@ -1109,7 +1110,6 @@
 static Authmethod *
 authmethod_get(char *authlist)
 {
-
 	char *name = NULL;
 	u_int next;
 
@@ -1130,7 +1130,7 @@
 
 	for (;;) {
 		if ((name = match_list(preferred, supported, &next)) == NULL) {
-			debug("no more auth methods to try");
+			debug("No more authentication methods to try.");
 			current = NULL;
 			return NULL;
 		}
@@ -1140,7 +1140,7 @@
 		if ((current = authmethod_lookup(name)) != NULL &&
 		    authmethod_is_enabled(current)) {
 			debug3("authmethod_is_enabled %s", name);
-			debug("next auth method to try is %s", name);
+			debug("Next authentication method: %s", name);
 			return current;
 		}
 	}