- Merge big update to OpenSSH-2.0 from OpenBSD CVS
   [README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server
diff --git a/ssh.c b/ssh.c
index 456570f..bdf6180 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,11 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.26 2000/04/16 01:18:46 damien Exp $");
+RCSID("$Id: ssh.c,v 1.27 2000/04/29 13:57:12 damien Exp $");
+
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -24,6 +28,8 @@
 #include "ssh2.h"
 #include "compat.h"
 #include "channels.h"
+#include "key.h"
+#include "authfile.h"
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
@@ -358,10 +364,16 @@
 			}
 			break;
 		case 'c':
-			options.cipher = cipher_number(optarg);
-			if (options.cipher == -1) {
-				fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
-				exit(1);
+			if (ciphers_valid(optarg)) {
+				/* SSH2 only */
+				options.ciphers = xstrdup(optarg);
+			} else {
+				/* SSH1 only */
+				options.cipher = cipher_number(optarg);
+				if (options.cipher == -1) {
+					fprintf(stderr, "Unknown cipher type '%s'\n", optarg);
+					exit(1);
+				}
 			}
 			break;
 		case 'p':
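Review bot: In the new `-c` branch, a string accepted by `ciphers_valid()` sets only `options.ciphers` and leaves `options.cipher` untouched, so an SSH2 cipher list has no effect on the cipher used if the session ends up on protocol 1 (and the reverse for an SSH1 name). The comments `/* SSH2 only */` and `/* SSH1 only */` do not spell this out; wording such as `/* SSH2 cipher list; the SSH1 cipher keeps its configured value */` and `/* SSH1 cipher name; the SSH2 list keeps its configured value */` would make the one-sided effect visible. Repeating `-c` also overwrites `options.ciphers` without releasing the earlier `xstrdup()` copy. The enclosing switch starts and ends outside the hunk.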
@@ -417,16 +429,11 @@
 	if (!host)
 		usage();
 
-	/* check if RSA support exists */
-	if (rsa_alive() == 0) {
-		fprintf(stderr,
-			"%s: no RSA support in libssl and libcrypto.  See ssl(8).\n",
-			__progname);
-		exit(1);
-	}
 	/* Initialize the command to execute on remote host. */
 	buffer_init(&command);
 
+	OpenSSL_add_all_algorithms();
+	
 	/*
 	 * Save the command to execute on the remote host in a buffer. There
 	 * is no limit on the length of the command, except by the maximum
@@ -496,6 +503,20 @@
 	/* reinit */
 	log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
 
+	/* check if RSA support exists */
+	if ((options.protocol & SSH_PROTO_1) &&
+	    rsa_alive() == 0) {
+		log("%s: no RSA support in libssl and libcrypto.  See ssl(8).",
+		    __progname);
+		log("Disabling protocol version 1");
+		options.protocol &= ~ (SSH_PROTO_1|SSH_PROTO_1_PREFERRED);
+	}
+	if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2)) {
+		fprintf(stderr, "%s: No protocol version available.\n",
+		    __progname);
+ 		exit(1);
+	}
+
 	if (options.user == NULL)
 		options.user = xstrdup(pw->pw_name);
 
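Review bot: The added guard `if (! options.protocol & (SSH_PROTO_1|SSH_PROTO_2))` parses as `(!options.protocol) & (...)`, because unary `!` binds tighter than `&`. As written it can only fire when `options.protocol` is exactly zero and the mask includes bit 0; the flag values are defined outside this hunk, so that cannot be confirmed from here. This is the check meant to stop the client after protocol 1 has just been disabled for lack of RSA, so it should test the bits directly: `if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {`. The `exit(1);` line under it is also indented with a space before the tabs.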
@@ -562,9 +583,12 @@
 	 * authentication. This must be done before releasing extra
 	 * privileges, because the file is only readable by root.
 	 */
-	if (ok) {
+	if (ok && (options.protocol & SSH_PROTO_1)) {
+		Key k;
 		host_private_key = RSA_new();
-		if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL))
+		k.type = KEY_RSA;
+		k.rsa = host_private_key;
+		if (load_private_key(HOST_KEY_FILE, "", &k, NULL))
 			host_private_key_loaded = 1;
 	}
 	/*
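Review bot: `Key k` is a stack variable and only `k.type` and `k.rsa` are assigned before `&k` is passed to `load_private_key()`, so any other member of `Key` (key.h is not shown here) is indeterminate while the root-only host key file is being read. Zeroing the struct first removes the dependency on what the loader touches: `memset(&k, 0, sizeof(k));` ahead of the two assignments. The result of `RSA_new()` on the context line is still unchecked, so a failed allocation would reach the loader as a NULL `k.rsa`. The enclosing function starts and ends outside the hunk.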
@@ -610,15 +634,22 @@
 		exit(1);
 	}
 	/* Expand ~ in options.identity_files. */
+	/* XXX mem-leaks */
 	for (i = 0; i < options.num_identity_files; i++)
 		options.identity_files[i] =
 			tilde_expand_filename(options.identity_files[i], original_real_uid);
-
+	for (i = 0; i < options.num_identity_files2; i++)
+		options.identity_files2[i] =
+			tilde_expand_filename(options.identity_files2[i], original_real_uid);
 	/* Expand ~ in known host file names. */
 	options.system_hostfile = tilde_expand_filename(options.system_hostfile,
-							original_real_uid);
+	    original_real_uid);
 	options.user_hostfile = tilde_expand_filename(options.user_hostfile,
-						      original_real_uid);
+	    original_real_uid);
+	options.system_hostfile2 = tilde_expand_filename(options.system_hostfile2,
+	    original_real_uid);
+	options.user_hostfile2 = tilde_expand_filename(options.user_hostfile2,
+	    original_real_uid);
 
 	/* Log into the remote system.  This never returns if the login fails. */
 	ssh_login(host_private_key_loaded, host_private_key,
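Review bot: The new `/* XXX mem-leaks */` marker does not say what leaks or where, which makes it hard to act on later. From the visible lines, each `identity_files[i]`, `identity_files2[i]` and hostfile pointer is replaced by the result of `tilde_expand_filename()` and the previous string is never freed; presumably that is what the marker refers to. A more specific comment would help, for example `/* XXX leaks the unexpanded strings: the old pointers are overwritten without xfree() */`. The `ssh_login()` call on the last context line continues outside the hunk.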