summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog1
-rw-r--r--sshconnect2.c23
2 files changed, 14 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog
index cc07f92d5..2fcb3a27e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ openssh (1:4.2p1-5) UNRELEASED; urgency=low
2 2
3 * Add a CVE name to the 1:4.0p1-1 changelog entry. 3 * Add a CVE name to the 1:4.0p1-1 changelog entry.
4 * Build-depend on libselinux1-dev on armeb. 4 * Build-depend on libselinux1-dev on armeb.
5 * Only send GSSAPI proposal if GSSAPIAuthentication is enabled.
5 6
6 -- Colin Watson <cjwatson@debian.org> Mon, 3 Oct 2005 14:12:58 +0100 7 -- Colin Watson <cjwatson@debian.org> Mon, 3 Oct 2005 14:12:58 +0100
7 8
diff --git a/sshconnect2.c b/sshconnect2.c
index 601a49429..579e60c1c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -85,7 +85,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
85 Kex *kex; 85 Kex *kex;
86 86
87#ifdef GSSAPI 87#ifdef GSSAPI
88 char *orig, *gss; 88 char *orig, *gss = NULL;
89 int len; 89 int len;
90#endif 90#endif
91 91
@@ -93,14 +93,16 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
93 xxx_hostaddr = hostaddr; 93 xxx_hostaddr = hostaddr;
94 94
95#ifdef GSSAPI 95#ifdef GSSAPI
96 orig = myproposal[PROPOSAL_KEX_ALGS]; 96 if (options.gss_authentication) {
97 gss = ssh_gssapi_client_mechanisms(get_canonical_hostname(1)); 97 orig = myproposal[PROPOSAL_KEX_ALGS];
98 debug("Offering GSSAPI proposal: %s",gss); 98 gss = ssh_gssapi_client_mechanisms(get_canonical_hostname(1));
99 if (gss) { 99 debug("Offering GSSAPI proposal: %s",gss);
100 len = strlen(orig) + strlen(gss) + 2; 100 if (gss) {
101 myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len); 101 len = strlen(orig) + strlen(gss) + 2;
102 snprintf(myproposal[PROPOSAL_KEX_ALGS], len, "%s,%s", gss, 102 myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len);
103 orig); 103 snprintf(myproposal[PROPOSAL_KEX_ALGS], len, "%s,%s",
104 gss, orig);
105 }
104 } 106 }
105#endif 107#endif
106 108
@@ -150,7 +152,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
150 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 152 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
151 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 153 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
152#ifdef GSSAPI 154#ifdef GSSAPI
153 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; 155 if (options.gss_authentication)
156 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
154#endif 157#endif
155 kex->client_version_string=client_version_string; 158 kex->client_version_string=client_version_string;
156 kex->server_version_string=server_version_string; 159 kex->server_version_string=server_version_string;