author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 02:30:41 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 02:30:41 +0000 |
commit | 7a2073c50b92c053594d48a651ebafae052a71ed (patch) | |
tree | 7cfceb925262a07a356b0667e19f33eec497b602 /kexgex.c | |
parent | 0f345f5ee1e71e1e9f8780ec13b2da23b6a9f7f8 (diff) |
- provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; it's turned off by default for now.
work done by me and markus@
applied, but beyond ensuring that smaller code bits migrated with
their owners, no attempt was made to 'fix' it to work. =) Later project!
Diffstat (limited to 'kexgex.c')
-rw-r--r-- | kexgex.c | 9 |
1 files changed, 6 insertions, 3 deletions
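--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.21 2002/03/18 17:50:31 provos Exp $");
 
 #include <openssl/bn.h>
 
@@ -38,6 +38,7 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
 #include "dh.h"
 #include "ssh2.h"
 #include "compat.h"
+#include "monitor_wrap.h"
 
 static u_char *
 kexgex_hash(
@@ -296,7 +297,8 @@ kexgex_server(Kex *kex)
 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
 min, nbits, max);
 
-dh = choose_dh(min, nbits, max);
+/* Contact privileged parent */
+dh = PRIVSEP(choose_dh(min, nbits, max));
 if (dh == NULL)
 packet_disconnect("Protocol error: no matching DH grp found");
 
@@ -379,7 +381,7 @@ kexgex_server(Kex *kex)
 
 /* sign H */
 /* XXX hashlen depends on KEX */
-key_sign(server_host_key, &signature, &slen, hash, 20);
+PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
 
 /* destroy_sensitive_data(); */
 
@@ -390,6 +392,7 @@ kexgex_server(Kex *kex)
 packet_put_bignum2(dh->pub_key); /* f */
 packet_put_string(signature, slen);
 packet_send();
+
 xfree(signature);
 xfree(server_host_key_blob);
 /* have keys, free DH */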
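Review bot: The result of `PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));` is discarded, yet `signature` and `slen` are passed straight to `packet_put_string()` and `xfree()` in the following hunk. With this change the signing can apparently be carried out by the privileged parent instead of in-process (inferred from the comment added at `choose_dh`; the `PRIVSEP` macro itself is not shown on this page), which gives the call one more way to fail. Assuming `key_sign` signals failure with a negative return (its prototype is not visible here), the call should be checked, e.g. `if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)) < 0) fatal("kexgex_server: key_sign failed");`. The `/* Contact privileged parent */` comment would also fit the `key_sign` line, which currently carries no hint that it crosses the privilege boundary. kexgex_server's body starts and ends outside these hunks.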