authorColin Watson <cjwatson@debian.org>2014-02-10 00:27:24 +0000
committerColin Watson <cjwatson@debian.org>2014-02-10 02:40:28 +0000
commita2b8818c5d21cfcba443625251f691a2ea3a29c7 (patch)
tree8fe1fe448cde57eecf71a7bcd57186661b90313f /roaming_client.c
parentd399ecd8eb7d4aed3b7ba0d2727e619607fb901b (diff)
parentee8d8b97cc2c6081df3af453a228992b87309ec4 (diff)
Merge 6.5p1.
* New upstream release (http://www.openssh.com/txt/release-6.5, LP: #1275068): - ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names (closes: #115286).
Diffstat (limited to 'roaming_client.c')
-rw-r--r--roaming_client.c20
1 files changed, 9 insertions, 11 deletions
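--- a/roaming_client.c
+++ b/roaming_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: roaming_client.c,v 1.7 2014/01/09 23:20:00 djm Exp $ */
 /*
  * Copyright (c) 2004-2009 AppGate Network Security AB
  *
@@ -48,6 +48,7 @@
 #include "roaming.h"
 #include "ssh2.h"
 #include "sshconnect.h"
+#include "digest.h"
 
 /* import */
 extern Options options;
@@ -90,10 +91,8 @@ request_roaming(void)
 static void
 roaming_auth_required(void)
 {
- u_char digest[SHA_DIGEST_LENGTH];
- EVP_MD_CTX md;
+ u_char digest[SSH_DIGEST_MAX_LENGTH];
  Buffer b;
- const EVP_MD *evp_md = EVP_sha1();
  u_int64_t chall, oldchall;
 
  chall = packet_get_int64();
@@ -107,14 +106,13 @@ roaming_auth_required(void)
  buffer_init(&b);
  buffer_put_int64(&b, cookie);
  buffer_put_int64(&b, chall);
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
+ if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: ssh_digest_buffer failed", __func__);
  buffer_free(&b);
 
  packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
  packet_put_int64(key1 ^ get_recv_bytes());
- packet_put_raw(digest, sizeof(digest));
+ packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
  packet_send();
 
  oldkey1 = key1;
@@ -259,10 +257,10 @@ wait_for_roaming_reconnect(void)
  if (c != '\n' && c != '\r')
  continue;
 
- if (ssh_connect(host, &hostaddr, options.port,
+ if (ssh_connect(host, NULL, &hostaddr, options.port,
  options.address_family, 1, &timeout_ms,
- options.tcp_keep_alive, options.use_privileged_port,
- options.proxy_command) == 0 && roaming_resume() == 0) {
+ options.tcp_keep_alive, options.use_privileged_port) == 0 &&
+ roaming_resume() == 0) {
  packet_restore_state();
  reenter_guard = 0;
  fprintf(stderr, "[connection resumed]\n");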
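Review bot: The `NULL` passed as the new second argument of `ssh_connect()` in wait_for_roaming_reconnect should be checked against the callee, whose prototype is not visible on this page. If that parameter is the pre-resolved address list, as its position before `&hostaddr` suggests, a direct connection would have no addresses to try and the resume path could fail every time unless the callee resolves `host` itself when given NULL. Either resolve the host here and pass the result, or, once the callee's behaviour is confirmed, record it next to the call with a comment such as `/* NULL addrs: ssh_connect() resolves host itself */`. The same call no longer passes `options.proxy_command`, so it is also worth confirming that the callee now reads it from `options`. The enclosing function starts and ends outside the hunk.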