- andreas@cvs.openbsd.org 2009/10/24 11:13:54

     [sshconnect2.c kex.h kex.c]
     Let the client detect if the server supports roaming by looking
     for the resume@appgate.com kex algorithm.
     ok markus@

4 files changed, 26 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 5935fa6ad..68f772b60 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,11 @@
      [roaming.h]
      Declarations needed for upcoming changes.
      ok markus@
+   - andreas@cvs.openbsd.org 2009/10/24 11:13:54
+     [sshconnect2.c kex.h kex.c]
+     Let the client detect if the server supports roaming by looking
+     for the resume@appgate.com kex algorithm.
+     ok markus@
 
 20091226
  - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
diff --git a/kex.c b/kex.c
index f4f44f095..148cfee80 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.81 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -48,6 +48,7 @@
 #include "match.h"
 #include "dispatch.h"
 #include "monitor.h"
+#include "roaming.h"
 
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
 # if defined(HAVE_EVP_SHA256)
@@ -386,6 +387,16 @@ kex_choose_conf(Kex *kex)
                 sprop=peer;
         }
 
+        /* Check whether server offers roaming */
+        if (!kex->server) {
+                char *roaming;
+                roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
+                if (roaming) {
+                        kex->roaming = 1;
+                        xfree(roaming);
+                }
+        }
+
         /* Algorithm Negotiation */
         for (mode = 0; mode < MODE_MAX; mode++) {
                 newkeys = xcalloc(1, sizeof(*newkeys));
diff --git a/kex.h b/kex.h
index 68c80c5a9..1fa13799d 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.47 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.h,v 1.48 2009/10/24 11:13:54 andreas Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -36,6 +36,7 @@
 #define KEX_DH14                "diffie-hellman-group14-sha1"
 #define KEX_DHGEX_SHA1          "diffie-hellman-group-exchange-sha1"
 #define KEX_DHGEX_SHA256        "diffie-hellman-group-exchange-sha256"
+#define KEX_RESUME              "resume@appgate.com"
 
 #define COMP_NONE       0
 #define COMP_ZLIB       1
@@ -116,6 +117,7 @@ struct Kex {
         char    *name;
         int     hostkey_type;
         int     kex_type;
+        int     roaming;
         Buffer  my;
         Buffer  peer;
         sig_atomic_t done;
diff --git a/sshconnect2.c b/sshconnect2.c
index 1e0e9d5e1..937bb773d 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -152,6 +152,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 
         dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
 
+        if (options.use_roaming && !kex->roaming) {
+                debug("Roaming not allowed by server");
+                options.use_roaming = 0;
+        }
+
         session_id2 = kex->session_id;
         session_id2_len = kex->session_id_len;