* Update to current GSSAPI patch from

http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch (closes: #352042).
author: Colin Watson <cjwatson@debian.org> 2006-05-12 09:46:51 +0000
committer: Colin Watson <cjwatson@debian.org> 2006-05-12 09:46:51 +0000
commit: 2a3e00306c9b3b4db71a777a7c3ccb70e470c675 (patch)
tree: f00af0128b0ac750d739384f111000c1c97007e4 /gss-genr.c
parent: 2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (diff)
1 files changed, 31 insertions, 16 deletions
diff --git a/gss-genr.c b/gss-genr.c
index 2a905f5e9..dfaa708ea 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,7 +1,7 @@
 /*      $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $    */
 /*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -53,6 +53,11 @@ Gssctxt *gss_kex_context = NULL;
 static ssh_gss_kex_mapping *gss_enc2oid = NULL;
+int 
+ssh_gssapi_oid_table_ok() {
+        return (gss_enc2oid != NULL);
+}
 /*
 * Return a list of the gss-group1-sha1 mechanisms supported by this program
 *
@@ -62,7 +67,7 @@ static ssh_gss_kex_mapping *gss_enc2oid = NULL;
 char *
-ssh_gssapi_client_mechanisms(char *host) {
+ssh_gssapi_client_mechanisms(const char *host) {
        gss_OID_set gss_supported;
        OM_uint32 min_status;
@@ -83,8 +88,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
        const EVP_MD *evp_md = EVP_md5();
        EVP_MD_CTX md;
-        evp_md = EVP_md5();
        if (gss_enc2oid != NULL) {
                for (i=0;gss_enc2oid[i].encoded!=NULL;i++)
                        xfree(gss_enc2oid[i].encoded);
@@ -97,12 +100,13 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
        buffer_init(&buf);
        oidpos = 0;
-        for (i=0;i<gss_supported->count;i++) {
+        for (i = 0;i < gss_supported->count;i++) {
-                if (gss_supported->elements[i].length<128 &&
+                if (gss_supported->elements[i].length < 128 &&
                    (*check)(&(gss_supported->elements[i]), data)) {
                        deroid[0] = SSH_GSS_OIDTYPE;
                        deroid[1] = gss_supported->elements[i].length;
                        EVP_DigestInit(&md, evp_md);
                        EVP_DigestUpdate(&md, deroid, 2);
                        EVP_DigestUpdate(&md,
@@ -115,10 +119,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
                            encoded, EVP_MD_size(evp_md)*2);
                        if (oidpos != 0)
-                            buffer_put_char(&buf,',');
+                            buffer_put_char(&buf, ',');
-                        buffer_append(&buf, KEX_GSS_SHA1, 
+                        buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
-                            sizeof(KEX_GSS_SHA1)-1);
+                            sizeof(KEX_GSS_GEX_SHA1_ID)-1);
+                        buffer_append(&buf, encoded, enclen);
+                        buffer_put_char(&buf,',');
+                        buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, 
+                            sizeof(KEX_GSS_GRP1_SHA1_ID)-1);
                        buffer_append(&buf, encoded, enclen);
                        gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
@@ -129,7 +137,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
        gss_enc2oid[oidpos].oid = NULL;
        gss_enc2oid[oidpos].encoded = NULL;
-        buffer_put_char(&buf,'\0');
+        buffer_put_char(&buf, '\0');
        mechs = xmalloc(buffer_len(&buf));
        buffer_get(&buf, mechs, buffer_len(&buf));
@@ -144,21 +152,28 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 }
 gss_OID
-ssh_gssapi_id_kex(Gssctxt *ctx, char *name) {
+ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int *gex) {
        int i = 0;
-        if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) != 0) 
+        if (strncmp(name, KEX_GSS_GRP1_SHA1_ID,
+            sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
+                name+=sizeof(KEX_GSS_GRP1_SHA1_ID)-1;
+                *gex = 0;
+        } else if (strncmp(name, KEX_GSS_GEX_SHA1_ID,
+            sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
+                name+=sizeof(KEX_GSS_GEX_SHA1_ID)-1;
+                *gex = 1;
+        } else {
                return NULL;
+        }
-        name+=sizeof(KEX_GSS_SHA1)-1; /* Skip ID string */
        while (gss_enc2oid[i].encoded != NULL &&
-            strcmp(name,gss_enc2oid[i].encoded)!=0) {
+            strcmp(name, gss_enc2oid[i].encoded) != 0) {
                i++;
        }
        if (gss_enc2oid[i].oid != NULL && ctx != NULL)
-                ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);
+                ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
        return gss_enc2oid[i].oid;
 }
author	Colin Watson <cjwatson@debian.org>	2006-05-12 09:46:51 +0000
committer	Colin Watson <cjwatson@debian.org>	2006-05-12 09:46:51 +0000
commit	2a3e00306c9b3b4db71a777a7c3ccb70e470c675 (patch)
tree	f00af0128b0ac750d739384f111000c1c97007e4 /gss-genr.c
parent	2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (diff)

diff --git a/gss-genr.c b/gss-genr.c index 2a905f5e9..dfaa708ea 100644 --- a/gss-genr.c +++ b/gss-genr.c
@@ -1,7 +1,7 @@
1	/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */	1	/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.	4	* Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
5	*	5	*
6	* Redistribution and use in source and binary forms, with or without	6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions	7	* modification, are permitted provided that the following conditions
@@ -53,6 +53,11 @@ Gssctxt *gss_kex_context = NULL;
53		53
54	static ssh_gss_kex_mapping *gss_enc2oid = NULL;	54	static ssh_gss_kex_mapping *gss_enc2oid = NULL;
55		55
		56	int
		57	ssh_gssapi_oid_table_ok() {
		58	return (gss_enc2oid != NULL);
		59	}
		60
56	/*	61	/*
57	* Return a list of the gss-group1-sha1 mechanisms supported by this program	62	* Return a list of the gss-group1-sha1 mechanisms supported by this program
58	*	63	*
@@ -62,7 +67,7 @@ static ssh_gss_kex_mapping *gss_enc2oid = NULL;
62		67
63		68
64	char *	69	char *
65	ssh_gssapi_client_mechanisms(char *host) {	70	ssh_gssapi_client_mechanisms(const char *host) {
66	gss_OID_set gss_supported;	71	gss_OID_set gss_supported;
67	OM_uint32 min_status;	72	OM_uint32 min_status;
68		73
@@ -83,8 +88,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
83	const EVP_MD *evp_md = EVP_md5();	88	const EVP_MD *evp_md = EVP_md5();
84	EVP_MD_CTX md;	89	EVP_MD_CTX md;
85		90
86	evp_md = EVP_md5();
87
88	if (gss_enc2oid != NULL) {	91	if (gss_enc2oid != NULL) {
89	for (i=0;gss_enc2oid[i].encoded!=NULL;i++)	92	for (i=0;gss_enc2oid[i].encoded!=NULL;i++)
90	xfree(gss_enc2oid[i].encoded);	93	xfree(gss_enc2oid[i].encoded);
@@ -97,12 +100,13 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
97	buffer_init(&buf);	100	buffer_init(&buf);
98		101
99	oidpos = 0;	102	oidpos = 0;
100	for (i=0;i<gss_supported->count;i++) {	103	for (i = 0;i < gss_supported->count;i++) {
101	if (gss_supported->elements[i].length<128 &&	104	if (gss_supported->elements[i].length < 128 &&
102	(*check)(&(gss_supported->elements[i]), data)) {	105	(*check)(&(gss_supported->elements[i]), data)) {
103		106
104	deroid[0] = SSH_GSS_OIDTYPE;	107	deroid[0] = SSH_GSS_OIDTYPE;
105	deroid[1] = gss_supported->elements[i].length;	108	deroid[1] = gss_supported->elements[i].length;
		109
106	EVP_DigestInit(&md, evp_md);	110	EVP_DigestInit(&md, evp_md);
107	EVP_DigestUpdate(&md, deroid, 2);	111	EVP_DigestUpdate(&md, deroid, 2);
108	EVP_DigestUpdate(&md,	112	EVP_DigestUpdate(&md,
@@ -115,10 +119,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
115	encoded, EVP_MD_size(evp_md)*2);	119	encoded, EVP_MD_size(evp_md)*2);
116		120
117	if (oidpos != 0)	121	if (oidpos != 0)
118	buffer_put_char(&buf,',');	122	buffer_put_char(&buf, ',');
119		123
120	buffer_append(&buf, KEX_GSS_SHA1,	124	buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
121	sizeof(KEX_GSS_SHA1)-1);	125	sizeof(KEX_GSS_GEX_SHA1_ID)-1);
		126	buffer_append(&buf, encoded, enclen);
		127	buffer_put_char(&buf,',');
		128	buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID,
		129	sizeof(KEX_GSS_GRP1_SHA1_ID)-1);
122	buffer_append(&buf, encoded, enclen);	130	buffer_append(&buf, encoded, enclen);
123		131
124	gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);	132	gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
@@ -129,7 +137,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
129	gss_enc2oid[oidpos].oid = NULL;	137	gss_enc2oid[oidpos].oid = NULL;
130	gss_enc2oid[oidpos].encoded = NULL;	138	gss_enc2oid[oidpos].encoded = NULL;
131		139
132	buffer_put_char(&buf,'\0');	140	buffer_put_char(&buf, '\0');
133		141
134	mechs = xmalloc(buffer_len(&buf));	142	mechs = xmalloc(buffer_len(&buf));
135	buffer_get(&buf, mechs, buffer_len(&buf));	143	buffer_get(&buf, mechs, buffer_len(&buf));
@@ -144,21 +152,28 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
144	}	152	}
145		153
146	gss_OID	154	gss_OID
147	ssh_gssapi_id_kex(Gssctxt ctx, char name) {	155	ssh_gssapi_id_kex(Gssctxt ctx, char name, int *gex) {
148	int i = 0;	156	int i = 0;
149		157
150	if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) != 0)	158	if (strncmp(name, KEX_GSS_GRP1_SHA1_ID,
		159	sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
		160	name+=sizeof(KEX_GSS_GRP1_SHA1_ID)-1;
		161	*gex = 0;
		162	} else if (strncmp(name, KEX_GSS_GEX_SHA1_ID,
		163	sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
		164	name+=sizeof(KEX_GSS_GEX_SHA1_ID)-1;
		165	*gex = 1;
		166	} else {
151	return NULL;	167	return NULL;
152		168	}
153	name+=sizeof(KEX_GSS_SHA1)-1; /* Skip ID string */
154		169
155	while (gss_enc2oid[i].encoded != NULL &&	170	while (gss_enc2oid[i].encoded != NULL &&
156	strcmp(name,gss_enc2oid[i].encoded)!=0) {	171	strcmp(name, gss_enc2oid[i].encoded) != 0) {
157	i++;	172	i++;
158	}	173	}
159		174
160	if (gss_enc2oid[i].oid != NULL && ctx != NULL)	175	if (gss_enc2oid[i].oid != NULL && ctx != NULL)
161	ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);	176	ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
162		177
163	return gss_enc2oid[i].oid;	178	return gss_enc2oid[i].oid;
164	}	179	}