diff options
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | sshconnect2.c | 23 |
2 files changed, 14 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog index cc07f92d5..2fcb3a27e 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -2,6 +2,7 @@ openssh (1:4.2p1-5) UNRELEASED; urgency=low | |||
2 | 2 | ||
3 | * Add a CVE name to the 1:4.0p1-1 changelog entry. | 3 | * Add a CVE name to the 1:4.0p1-1 changelog entry. |
4 | * Build-depend on libselinux1-dev on armeb. | 4 | * Build-depend on libselinux1-dev on armeb. |
5 | * Only send GSSAPI proposal if GSSAPIAuthentication is enabled. | ||
5 | 6 | ||
6 | -- Colin Watson <cjwatson@debian.org> Mon, 3 Oct 2005 14:12:58 +0100 | 7 | -- Colin Watson <cjwatson@debian.org> Mon, 3 Oct 2005 14:12:58 +0100 |
7 | 8 | ||
diff --git a/sshconnect2.c b/sshconnect2.c index 601a49429..579e60c1c 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -85,7 +85,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
85 | Kex *kex; | 85 | Kex *kex; |
86 | 86 | ||
87 | #ifdef GSSAPI | 87 | #ifdef GSSAPI |
88 | char *orig, *gss; | 88 | char *orig, *gss = NULL; |
89 | int len; | 89 | int len; |
90 | #endif | 90 | #endif |
91 | 91 | ||
@@ -93,14 +93,16 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
93 | xxx_hostaddr = hostaddr; | 93 | xxx_hostaddr = hostaddr; |
94 | 94 | ||
95 | #ifdef GSSAPI | 95 | #ifdef GSSAPI |
96 | orig = myproposal[PROPOSAL_KEX_ALGS]; | 96 | if (options.gss_authentication) { |
97 | gss = ssh_gssapi_client_mechanisms(get_canonical_hostname(1)); | 97 | orig = myproposal[PROPOSAL_KEX_ALGS]; |
98 | debug("Offering GSSAPI proposal: %s",gss); | 98 | gss = ssh_gssapi_client_mechanisms(get_canonical_hostname(1)); |
99 | if (gss) { | 99 | debug("Offering GSSAPI proposal: %s",gss); |
100 | len = strlen(orig) + strlen(gss) + 2; | 100 | if (gss) { |
101 | myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len); | 101 | len = strlen(orig) + strlen(gss) + 2; |
102 | snprintf(myproposal[PROPOSAL_KEX_ALGS], len, "%s,%s", gss, | 102 | myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len); |
103 | orig); | 103 | snprintf(myproposal[PROPOSAL_KEX_ALGS], len, "%s,%s", |
104 | gss, orig); | ||
105 | } | ||
104 | } | 106 | } |
105 | #endif | 107 | #endif |
106 | 108 | ||
@@ -150,7 +152,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
150 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; | 152 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; |
151 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 153 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
152 | #ifdef GSSAPI | 154 | #ifdef GSSAPI |
153 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; | 155 | if (options.gss_authentication) |
156 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; | ||
154 | #endif | 157 | #endif |
155 | kex->client_version_string=client_version_string; | 158 | kex->client_version_string=client_version_string; |
156 | kex->server_version_string=server_version_string; | 159 | kex->server_version_string=server_version_string; |