Commit 3a5b0233 authored by Damien Miller's avatar Damien Miller

Stupid djm commits experimental code to head instead of branch

revert
parent 3225fb45
# $Id: Makefile.in,v 1.198 2002/03/13 01:47:54 djm Exp $
# $Id: Makefile.in,v 1.199 2002/03/13 02:19:42 djm Exp $
prefix=@prefix@
exec_prefix=@exec_prefix@
......@@ -50,11 +50,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o monitor_fdpass.c monitor_wrap.c mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o monitor.c monitor_mm.c sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
......
......@@ -121,8 +121,8 @@ void krb5_cleanup_proc(void *authctxt);
#include "auth-pam.h"
#include "auth2-pam.h"
Authctxt *do_authentication(void);
Authctxt *do_authentication2(void);
void do_authentication(void);
void do_authentication2(void);
Authctxt *authctxt_new(void);
void auth_log(Authctxt *, int, char *, char *);
......
......@@ -26,13 +26,8 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
#include "session.h"
#include "misc.h"
#include "uidswap.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* import */
extern int use_privsep;
extern int mm_recvfd;
extern ServerOptions options;
/*
......@@ -360,13 +355,12 @@ do_authloop(Authctxt *authctxt)
* Performs authentication of an incoming connection. Session key has already
* been exchanged and encryption is enabled.
*/
Authctxt *
void
do_authentication(void)
{
Authctxt *authctxt;
struct passwd *pw = NULL, *pwent;
struct passwd *pw;
u_int ulen;
int allowed;
char *p, *user, *style = NULL;
/* Get the name of the user that we wish to log in as. */
......@@ -388,26 +382,17 @@ do_authentication(void)
authctxt->style = style;
/* Verify that the user is a valid user. */
if (!use_privsep) {
pwent = getpwnam(user);
allowed = pwent ? allowed_user(pwent) : 0;
} else
pwent = mm_getpwnamallow(mm_recvfd, user, &allowed);
if (pwent && allowed) {
pw = getpwnam(user);
if (pw && allowed_user(pw)) {
authctxt->valid = 1;
pw = pwcopy(pwent);
pw = pwcopy(pw);
} else {
debug("do_authentication: illegal user %s", user);
pw = NULL;
}
/* Free memory */
if (use_privsep)
pwfree(pwent);
authctxt->pw = pw;
setproctitle("%s%s", use_privsep ? " [net]" : "",
pw ? user : "unknown");
setproctitle("%s", pw ? user : "unknown");
#ifdef USE_PAM
start_pam(pw == NULL ? "NOUSER" : user);
......@@ -433,5 +418,6 @@ do_authentication(void)
packet_send();
packet_write_wait();
return (authctxt);
/* Perform session preparation. */
do_authenticated(authctxt);
}
......@@ -51,13 +51,8 @@ RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
#include "hostfile.h"
#include "canohost.h"
#include "match.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* import */
extern int use_privsep;
extern int mm_recvfd;
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
......@@ -80,8 +75,8 @@ static void input_userauth_request(int, u_int32_t, void *);
/* helper */
static Authmethod *authmethod_lookup(const char *);
static char *authmethods_get(void);
int user_key_allowed(struct passwd *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
static int user_key_allowed(struct passwd *, Key *);
static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
/* auth */
static void userauth_banner(void);
......@@ -114,7 +109,7 @@ Authmethod authmethods[] = {
* loop until authctxt->success == TRUE
*/
Authctxt *
void
do_authentication2(void)
{
Authctxt *authctxt = authctxt_new();
......@@ -130,8 +125,7 @@ do_authentication2(void)
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
return(authctxt);
do_authenticated(authctxt);
}
static void
......@@ -188,15 +182,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
*style++ = 0;
if (authctxt->attempt++ == 0) {
/* setup auth context */
int allowed;
/* setup auth context */
struct passwd *pw = NULL;
if (!use_privsep) {
pw = getpwnam(user);
allowed = pw ? allowed_user(pw) : 0;
} else
pw = mm_getpwnamallow(mm_recvfd, user, &allowed);
if (pw && allowed && strcmp(service, "ssh-connection")==0) {
pw = getpwnam(user);
if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
authctxt->pw = pwcopy(pw);
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
......@@ -209,18 +198,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
start_pam("NOUSER");
#endif
}
/* Free memory */
if (use_privsep)
pwfree(pw);
setproctitle("%s%s", use_privsep ? " [net]" : "",
pw ? user : "unknown");
setproctitle("%s", pw ? user : "unknown");
authctxt->user = xstrdup(user);
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
if (use_privsep)
mm_inform_authserv(mm_recvfd, service, style);
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
......@@ -332,8 +313,6 @@ done:
static int
userauth_none(Authctxt *authctxt)
{
int res = 0;
/* disable method "none", only allowed one time */
Authmethod *m = authmethod_lookup("none");
if (m != NULL)
......@@ -343,16 +322,18 @@ userauth_none(Authctxt *authctxt)
if (authctxt->valid == 0)
return(0);
if (!authctxt->valid)
return (0);
if (use_privsep)
#if defined(USE_PAM) || defined(HAVE_OSF_SIA)
#error NOT IMPLEMENTED FOR PRIVSEP
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
res = mm_auth_password(mm_recvfd, "");
else
res = auth_password(authctxt, "");
return (res);
#ifdef USE_PAM
return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
return 0;
#else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(authctxt, "");
#endif /* USE_PAM */
}
static int
......@@ -367,16 +348,18 @@ userauth_passwd(Authctxt *authctxt)
log("password change not supported");
password = packet_get_string(&len);
packet_check_eom();
#if defined(HAVE_CYGWIN) || defined(USE_PAM) || defined(HAVE_OSF_SIA)
#error NOT IMPLEMENTED FOR PRIVSEP
if (authctxt->valid &&
#ifdef HAVE_CYGWIN
check_nt_auth(1, authctxt->pw) &&
#endif
if (authctxt->valid) {
if (use_privsep)
authenticated = mm_auth_password(mm_recvfd, password);
else
authenticated = auth_password(authctxt, password);
}
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
#elif defined(HAVE_OSF_SIA)
auth_sia_password(authctxt->user, password) == 1)
#else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(authctxt, password) == 1)
#endif /* USE_PAM */
authenticated = 1;
memset(password, 0, len);
xfree(password);
return authenticated;
......@@ -484,23 +467,12 @@ userauth_pubkey(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for correct signature */
authenticated = 0;
if (use_privsep) {
if (mm_user_key_allowed(mm_recvfd, key) &&
mm_key_verify(mm_recvfd,
MM_USERKEY, NULL, NULL, key, sig, slen,
buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
} else {
if (user_key_allowed(authctxt->pw, key) &&
key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b)) == 1)
authenticated = 1;
}
if (user_key_allowed(authctxt->pw, key) &&
key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
xfree(sig);
} else {
int res = 0;
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
......@@ -512,11 +484,7 @@ userauth_pubkey(Authctxt *authctxt)
* if a user is not allowed to login. is this an
* issue? -markus
*/
if (use_privsep)
res = mm_user_key_allowed(mm_recvfd, key);
else
res = user_key_allowed(authctxt->pw, key);
if (res) {
if (user_key_allowed(authctxt->pw, key)) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
......@@ -604,18 +572,9 @@ userauth_hostbased(Authctxt *authctxt)
buffer_dump(&b);
#endif
/* test for allowed key and correct signature */
authenticated = 0;
if (use_privsep) {
if (mm_hostbased_key_allowed(mm_recvfd, cuser, chost, key) &&
mm_key_verify(mm_recvfd, MM_HOSTKEY, cuser, chost, key,
sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
} else {
if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
key_verify(key, sig, slen, buffer_ptr(&b),
buffer_len(&b)) == 1)
authenticated = 1;
}
if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
authenticated = 1;
buffer_clear(&b);
done:
......@@ -771,7 +730,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
}
/* check whether given key is in .ssh/authorized_keys* */
int
static int
user_key_allowed(struct passwd *pw, Key *key)
{
int success;
......@@ -791,7 +750,7 @@ user_key_allowed(struct passwd *pw, Key *key)
}
/* return 1 if given hostkey is allowed */
int
static int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
Key *key)
{
......
......@@ -221,8 +221,6 @@ buffer_put_string(Buffer *buffer, const void *buf, u_int len)
void
buffer_put_cstring(Buffer *buffer, const char *s)
{
if (s == NULL)
fatal("buffer_put_cstring: s == NULL");
buffer_put_string(buffer, s, strlen(s));
}
......
......@@ -541,43 +541,3 @@ evp_rijndael(void)
#endif
return (&rijndal_cbc);
}
/*
* Exports an IV from the CipherContext required to export the key
* state back from the unprivileged child to the privileged parent
* process.
*/
void
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
{
Cipher *c = cc->cipher;
u_char *civ = NULL;
int evplen;
switch (c->number) {
case SSH_CIPHER_SSH2:
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
if (evplen == 0)
return;
if (evplen != len)
fatal("%s: wrong iv length %d != %d", __FUNCTION__,
evplen, len);
if (strncmp(c->name, "aes", 3) == 0) {
struct ssh_rijndael_ctx *aesc;
aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
if (aesc == NULL)
fatal("ssh_rijndael_cbc: no context");
civ = aesc->r_iv;
} else {
civ = cc->evp.iv;
}
break;
default:
fatal("%s: bad cipher %d", __FUNCTION__, c->number);
}
memcpy(iv, civ, len);
}
......@@ -81,6 +81,4 @@ void cipher_cleanup(CipherContext *);
void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
u_int cipher_blocksize(Cipher *);
u_int cipher_keylen(Cipher *);
void cipher_get_keyiv(CipherContext *, u_char *, u_int);
#endif /* CIPHER_H */
......@@ -19,8 +19,8 @@ RCSID("$OpenBSD: compress.c,v 1.17 2001/12/29 21:56:01 stevesk Exp $");
#include "zlib.h"
#include "compress.h"
z_stream incoming_stream;
z_stream outgoing_stream;
static z_stream incoming_stream;
static z_stream outgoing_stream;
static int compress_init_send_called = 0;
static int compress_init_recv_called = 0;
......
......@@ -43,10 +43,6 @@ RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
#define KEX_COOKIE_LEN 16
/* Use privilege separation for sshd */
int use_privsep;
int mm_recvfd;
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
......
......@@ -111,7 +111,6 @@ struct Kex {
char *server_version_string;
int (*verify_host_key)(Key *);
Key *(*load_host_key)(int);
int (*host_key_index)(Key *);
};
Kex *kex_setup(char *[PROPOSAL_MAX]);
......
......@@ -37,12 +37,6 @@ RCSID("$OpenBSD: kexdh.c,v 1.17 2002/02/28 15:46:33 markus Exp $");
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* Imports */
extern int use_privsep;
extern int mm_recvfd;
static u_char *
kex_dh_hash(
......@@ -281,12 +275,7 @@ kexdh_server(Kex *kex)
/* sign H */
/* XXX hashlen depends on KEX */
if (use_privsep)
mm_key_sign(mm_recvfd,
kex->host_key_index(server_host_key),
&signature, &slen, hash, 20);
else
key_sign(server_host_key, &signature, &slen, hash, 20);
key_sign(server_host_key, &signature, &slen, hash, 20);
/* destroy_sensitive_data(); */
......
......@@ -38,12 +38,6 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
#include "monitor.h"
#include "monitor_wrap.h"
/* Imports */
extern int use_privsep;
extern int mm_recvfd;
static u_char *
kexgex_hash(
......@@ -302,11 +296,7 @@ kexgex_server(Kex *kex)
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
min, nbits, max);
/* Contact privileged parent */
if (use_privsep)
dh = mm_choose_dh(mm_recvfd, min, nbits, max);
else
dh = choose_dh(min, nbits, max);
dh = choose_dh(min, nbits, max);
if (dh == NULL)
packet_disconnect("Protocol error: no matching DH grp found");
......@@ -389,11 +379,7 @@ kexgex_server(Kex *kex)
/* sign H */
/* XXX hashlen depends on KEX */
if (use_privsep)
mm_key_sign(mm_recvfd, kex->host_key_index(server_host_key),
&signature, &slen, hash, 20);
else
key_sign(server_host_key, &signature, &slen, hash, 20);
key_sign(server_host_key, &signature, &slen, hash, 20);
/* destroy_sensitive_data(); */
......@@ -404,7 +390,6 @@ kexgex_server(Kex *kex)
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
/* have keys, free DH */
......
......@@ -801,46 +801,3 @@ key_verify(
break;
}
}
/* Converts a private to a public key */
Key *
key_demote(Key *k)
{
Key *pk;
pk = xmalloc(sizeof(*pk));
pk->type = k->type;
pk->flags = k->flags;
pk->dsa = NULL;
pk->rsa = NULL;
switch (k->type) {
case KEY_RSA1:
case KEY_RSA:
if ((pk->rsa = RSA_new()) == NULL)
fatal("key_demote: RSA_new failed");
if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
fatal("key_demote: BN_dup failed");
break;
case KEY_DSA:
if ((pk->dsa = DSA_new()) == NULL)
fatal("key_demote: DSA_new failed");
if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
fatal("key_demote: BN_dup failed");
if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
fatal("key_demote: BN_dup failed");
break;
default:
fatal("key_free: bad key type %d", k->type);
break;
}
return (pk);
}
......@@ -58,7 +58,6 @@ struct Key {
Key *key_new(int);
Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(Key *);
int key_equal(Key *, Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
char *key_type(Key *);
......
......@@ -115,8 +115,6 @@ static int interactive_mode = 0;
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
static u_int32_t read_seqnr = 0;
static u_int32_t send_seqnr = 0;
/* roundup current message to extra_pad bytes */
static u_char extra_pad = 0;
......@@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
return 1;
}
/*
* Exports an IV from the CipherContext required to export the key
* state back from the unprivileged child to the privileged parent
* process.
*/
void
packet_get_keyiv(int mode, u_char *iv, u_int len)
{
CipherContext *cc;
if (mode == MODE_OUT)
cc = &send_context;
else
cc = &receive_context;
cipher_get_keyiv(cc, iv, len);
}
int
packet_get_keycontext(int mode, u_char *dat)
{
int plen;
CipherContext *cc;
if (mode == MODE_OUT)
cc = &send_context;
else
cc = &receive_context;
#if OPENSSL_VERSION_NUMBER < 0x00907000L
plen = sizeof(cc->evp.c);
#else
plen = cc->evp.cipher->ctx_size;
#endif
if (dat == NULL)
return (plen);
#if OPENSSL_VERSION_NUMBER < 0x00907000L
memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
#else
memcpy(dat, &cc->evp.cipher_data, plen);
#endif
return (plen);
}
void
packet_set_keycontext(int mode, u_char *dat)
{
CipherContext *cc;
if (mode == MODE_OUT)
cc = &send_context;
else
cc = &receive_context;
#if OPENSSL_VERSION_NUMBER < 0x00907000L
memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
#else
memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
#endif
}
u_int32_t
packet_get_seqnr(int mode)
{
return (mode == MODE_IN ? read_seqnr : send_seqnr);
}
void
packet_set_seqnr(int mode, u_int32_t seqnr)
{
if (mode == MODE_IN)
read_seqnr = seqnr;
else if (mode == MODE_OUT)
send_seqnr = seqnr;
else
fatal("%s: bad mode %d", __FUNCTION__, mode);
}
/* returns 1 if connection is via ipv4 */
int
......@@ -516,7 +433,7 @@ packet_send1(void)
*/
}
void
static void
set_newkeys(int mode)
{
Enc *enc;
......@@ -560,9 +477,8 @@ set_newkeys(int mode)
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
enc->iv, enc->block_size, encrypt);
/* Deleting the keys does not gain extra security */
/* memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len); */
memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len);
if (comp->type != 0 && comp->enabled == 0) {
packet_init_compression();
if (mode == MODE_OUT)
......@@ -579,6 +495,7 @@ set_newkeys(int mode)
static void
packet_send2(void)
{
static u_int32_t seqnr = 0;
u_char type, *cp, *macbuf = NULL;
u_char padlen, pad;
u_int packet_length = 0;
......@@ -659,10 +576,10 @@ packet_send2(void)
/* compute MAC over seqnr and packet(length fields, payload, padding) */
if (mac && mac->enabled) {
macbuf = mac_compute(mac, send_seqnr,
macbuf = mac_compute(mac, seqnr,
buffer_ptr(&outgoing_packet),
buffer_len(&outgoing_packet));
DBG(debug("done calc MAC out #%d", send_seqnr));
DBG(debug("done calc MAC out #%d", seqnr));
}
/* encrypt packet and append to output buffer. */
cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
......@@ -676,7 +593,7 @@ packet_send2(void)
buffer_dump(&output);
#endif
/* increment sequence number for outgoing packets */
if (++send_seqnr == 0)
if (++seqnr == 0)
log("outgoing seqnr wraps around");
buffer_clear(&outgoing_packet);
......@@ -866,6 +783,7 @@ packet_read_poll1(void)
static int
packet_read_poll2(u_int32_t *seqnr_p)
{
static u_int32_t seqnr = 0;
static u_int packet_length = 0;
u_int padlen, need;
u_char *macbuf, *cp, type;
......@@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
* increment sequence number for incoming packet
*/
if (mac && mac->enabled) {
macbuf = mac_compute(mac, read_seqnr,
macbuf = mac_compute(mac, seqnr,
buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet));
if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
packet_disconnect("Corrupted MAC on input.");
DBG(debug("MAC #%d ok", read_seqnr));
DBG(debug("MAC #%d ok", seqnr));
buffer_consume(&input, mac->mac_len);
}
if (seqnr_p != NULL)
*seqnr_p = read_seqnr;
if (++read_seqnr == 0)
*seqnr_p = seqnr;
if (++seqnr == 0)
log("incoming seqnr wraps around");
/* get padlen */
......
......@@ -56,13 +56,6 @@ void *packet_get_string(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void set_newkeys(int mode);
void packet_get_keyiv(int, u_char *, u_int);
int packet_get_keycontext(int, u_char *);
void packet_set_keycontext(int, u_char *);
u_int32_t packet_get_seqnr(int);
void packet_set_seqnr(int, u_int32_t);
void packet_write_poll(void);
void packet_write_wait(void);
int packet_have_data_to_write(void);
......
......@@ -36,8 +36,6 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short);
/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/* Use of privilege separation or not */
extern int use_privsep;
/* Initializes the server options to their default values. */
......@@ -112,9 +110,6 @@ initialize_server_options(ServerOptions *options)
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
/* Needs to be accessable in many places */
use_privsep = -1;
}
void
......@@ -240,10 +235,6 @@ fill_default_server_options(ServerOptions *options)
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = 1;