author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:32:03 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:32:03 +0000 |
commit | 04942aa41fa94ec6f2c3ce1d348f600f31bb7c78 (patch) | |
tree | af8e928bd79d3f2d0219bb5b2c78b573ec31d94c /gss-genr.c | |
parent | 9ad7b718d42e43f3a285fcbc8f91193931fce324 (diff) | |
parent | 16704d57999d987fb8d9ba53379841a79f016d67 (diff) |
import openssh-4.2p1-gsskex-20050926-2.patch
Diffstat (limited to 'gss-genr.c')
-rw-r--r-- | gss-genr.c | 55 |
1 files changed, 35 insertions, 20 deletions
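--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
 
 /*
-* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+* Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,6 +55,11 @@ Gssctxt *gss_kex_context = NULL;
 
 static ssh_gss_kex_mapping *gss_enc2oid = NULL;
 
+int
+ssh_gssapi_oid_table_ok() {
+return (gss_enc2oid != NULL);
+}
+
 /*
 * Return a list of the gss-group1-sha1 mechanisms supported by this program
 *
@@ -64,7 +69,7 @@ static ssh_gss_kex_mapping *gss_enc2oid = NULL;
 
 
 char *
-ssh_gssapi_client_mechanisms(char *host) {
+ssh_gssapi_client_mechanisms(const char *host) {
 gss_OID_set gss_supported;
 OM_uint32 min_status;
 
@@ -85,8 +90,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 const EVP_MD *evp_md = EVP_md5();
 EVP_MD_CTX md;
 
-evp_md = EVP_md5();
-
 if (gss_enc2oid != NULL) {
 for (i=0;gss_enc2oid[i].encoded!=NULL;i++)
 xfree(gss_enc2oid[i].encoded);
@@ -99,12 +102,13 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 buffer_init(&buf);
 
 oidpos = 0;
-for (i=0;i<gss_supported->count;i++) {
-if (gss_supported->elements[i].length<128 &&
+for (i = 0;i < gss_supported->count;i++) {
+if (gss_supported->elements[i].length < 128 &&
 (*check)(&(gss_supported->elements[i]), data)) {
 
 deroid[0] = SSH_GSS_OIDTYPE;
 deroid[1] = gss_supported->elements[i].length;
+
 EVP_DigestInit(&md, evp_md);
 EVP_DigestUpdate(&md, deroid, 2);
 EVP_DigestUpdate(&md,
@@ -117,10 +121,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 encoded, EVP_MD_size(evp_md)*2);
 
 if (oidpos != 0)
-buffer_put_char(&buf,',');
+buffer_put_char(&buf, ',');
 
-buffer_append(&buf, KEX_GSS_SHA1,
-sizeof(KEX_GSS_SHA1)-1);
+buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
+sizeof(KEX_GSS_GEX_SHA1_ID)-1);
+buffer_append(&buf, encoded, enclen);
+buffer_put_char(&buf,',');
+buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID,
+sizeof(KEX_GSS_GRP1_SHA1_ID)-1);
 buffer_append(&buf, encoded, enclen);
 
 gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
@@ -131,7 +139,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 gss_enc2oid[oidpos].oid = NULL;
 gss_enc2oid[oidpos].encoded = NULL;
 
-buffer_put_char(&buf,'\0');
+buffer_put_char(&buf, '\0');
 
 mechs = xmalloc(buffer_len(&buf));
 buffer_get(&buf, mechs, buffer_len(&buf));
@@ -146,21 +154,28 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 }
 
 gss_OID
-ssh_gssapi_id_kex(Gssctxt *ctx, char *name) {
+ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int *gex) {
 int i = 0;
 
-if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) != 0)
+if (strncmp(name, KEX_GSS_GRP1_SHA1_ID,
+sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
+name+=sizeof(KEX_GSS_GRP1_SHA1_ID)-1;
+*gex = 0;
+} else if (strncmp(name, KEX_GSS_GEX_SHA1_ID,
+sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
+name+=sizeof(KEX_GSS_GEX_SHA1_ID)-1;
+*gex = 1;
+} else {
 return NULL;
-
-name+=sizeof(KEX_GSS_SHA1)-1; /* Skip ID string */
+}
 
 while (gss_enc2oid[i].encoded != NULL &&
-strcmp(name,gss_enc2oid[i].encoded)!=0) {
+strcmp(name, gss_enc2oid[i].encoded) != 0) {
 i++;
 }
 
 if (gss_enc2oid[i].oid != NULL && ctx != NULL)
-ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);
+ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
 
 return gss_enc2oid[i].oid;
 }
@@ -203,8 +218,8 @@ ssh_gssapi_error(Gssctxt *ctxt)
 }
 
 char *
-ssh_gssapi_last_error(Gssctxt *ctxt,
-OM_uint32 *major_status, OM_uint32 *minor_status)
+ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
+OM_uint32 *minor_status)
 {
 OM_uint32 lmin;
 gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
@@ -422,7 +437,7 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
 int
 ssh_gssapi_check_mechanism(gss_OID oid, void *host) {
 Gssctxt * ctx = NULL;
-gss_buffer_desc token;
+gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
 OM_uint32 major, minor;
 
 ssh_gssapi_build_ctx(&ctx);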
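Review bot: In `ssh_gssapi_id_kex` (new lines 157-181) the `while` loop indexes `gss_enc2oid[i]` without checking that the table exists, even though `gss_enc2oid` is initialised to NULL and this commit adds `ssh_gssapi_oid_table_ok()` to report that condition. The callers are not visible here, but if a name matching either `KEX_GSS_GRP1_SHA1_ID` or `KEX_GSS_GEX_SHA1_ID` reaches this function before `ssh_gssapi_kex_mechs` has built the table, presumably from a peer's key-exchange proposal, the lookup dereferences NULL. A guard before the loop, `if (gss_enc2oid == NULL) return NULL;`, would keep the failure inside the function rather than depending on every caller to check first. The new `gex` out-parameter is also written unconditionally in both matching branches, so it should be documented as required non-NULL or checked before `*gex = 0;` and `*gex = 1;`.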