1 files changed, 35 insertions, 20 deletions
diff --git a/gss-genr.c b/gss-genr.c
index 36925df4e..9dec270a3 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,7 +1,7 @@
-/*      $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $        */
+/*      $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $        */
 /*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,6 +55,11 @@ Gssctxt *gss_kex_context = NULL;
 static ssh_gss_kex_mapping *gss_enc2oid = NULL;
+int 
+ssh_gssapi_oid_table_ok() {
+        return (gss_enc2oid != NULL);
+}
 /*
 * Return a list of the gss-group1-sha1 mechanisms supported by this program
 *
@@ -64,7 +69,7 @@ static ssh_gss_kex_mapping *gss_enc2oid = NULL;
 char *
-ssh_gssapi_client_mechanisms(char *host) {
+ssh_gssapi_client_mechanisms(const char *host) {
        gss_OID_set gss_supported;
        OM_uint32 min_status;
@@ -85,8 +90,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
        const EVP_MD *evp_md = EVP_md5();
        EVP_MD_CTX md;
-        evp_md = EVP_md5();
        if (gss_enc2oid != NULL) {
                for (i=0;gss_enc2oid[i].encoded!=NULL;i++)
                        xfree(gss_enc2oid[i].encoded);
@@ -99,12 +102,13 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
        buffer_init(&buf);
        oidpos = 0;
-        for (i=0;i<gss_supported->count;i++) {
+        for (i = 0;i < gss_supported->count;i++) {
-                if (gss_supported->elements[i].length<128 &&
+                if (gss_supported->elements[i].length < 128 &&
                    (*check)(&(gss_supported->elements[i]), data)) {
                        deroid[0] = SSH_GSS_OIDTYPE;
                        deroid[1] = gss_supported->elements[i].length;
                        EVP_DigestInit(&md, evp_md);
                        EVP_DigestUpdate(&md, deroid, 2);
                        EVP_DigestUpdate(&md,
@@ -117,10 +121,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
                            encoded, EVP_MD_size(evp_md)*2);
                        if (oidpos != 0)
-                            buffer_put_char(&buf,',');
+                            buffer_put_char(&buf, ',');
-                        buffer_append(&buf, KEX_GSS_SHA1, 
+                        buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
-                            sizeof(KEX_GSS_SHA1)-1);
+                            sizeof(KEX_GSS_GEX_SHA1_ID)-1);
+                        buffer_append(&buf, encoded, enclen);
+                        buffer_put_char(&buf,',');
+                        buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, 
+                            sizeof(KEX_GSS_GRP1_SHA1_ID)-1);
                        buffer_append(&buf, encoded, enclen);
                        gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
@@ -131,7 +139,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
        gss_enc2oid[oidpos].oid = NULL;
        gss_enc2oid[oidpos].encoded = NULL;
-        buffer_put_char(&buf,'\0');
+        buffer_put_char(&buf, '\0');
        mechs = xmalloc(buffer_len(&buf));
        buffer_get(&buf, mechs, buffer_len(&buf));
@@ -146,21 +154,28 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 }
 gss_OID
-ssh_gssapi_id_kex(Gssctxt *ctx, char *name) {
+ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int *gex) {
        int i = 0;
-        if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) != 0) 
+        if (strncmp(name, KEX_GSS_GRP1_SHA1_ID,
+            sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
+                name+=sizeof(KEX_GSS_GRP1_SHA1_ID)-1;
+                *gex = 0;
+        } else if (strncmp(name, KEX_GSS_GEX_SHA1_ID,
+            sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
+                name+=sizeof(KEX_GSS_GEX_SHA1_ID)-1;
+                *gex = 1;
+        } else {
                return NULL;
+        }
-        name+=sizeof(KEX_GSS_SHA1)-1; /* Skip ID string */
        while (gss_enc2oid[i].encoded != NULL &&
-            strcmp(name,gss_enc2oid[i].encoded)!=0) {
+            strcmp(name, gss_enc2oid[i].encoded) != 0) {
                i++;
        }
        if (gss_enc2oid[i].oid != NULL && ctx != NULL)
-                ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);
+                ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
        return gss_enc2oid[i].oid;
 }
@@ -203,8 +218,8 @@ ssh_gssapi_error(Gssctxt *ctxt)
 }
 char *
-ssh_gssapi_last_error(Gssctxt *ctxt,
+ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
-                      OM_uint32 *major_status, OM_uint32 *minor_status)
+    OM_uint32 *minor_status)
 {
        OM_uint32 lmin;
        gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
@@ -422,7 +437,7 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
 int
 ssh_gssapi_check_mechanism(gss_OID oid, void *host) {
        Gssctxt * ctx = NULL;
-        gss_buffer_desc token;
+        gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
        OM_uint32 major, minor;
        
        ssh_gssapi_build_ctx(&ctx);

diff --git a/gss-genr.c b/gss-genr.c index 36925df4e..9dec270a3 100644 --- a/gss-genr.c +++ b/gss-genr.c
@@ -1,7 +1,7 @@
1	/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */	1	/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.	4	* Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
5	*	5	*
6	* Redistribution and use in source and binary forms, with or without	6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions	7	* modification, are permitted provided that the following conditions
@@ -55,6 +55,11 @@ Gssctxt *gss_kex_context = NULL;
55		55
56	static ssh_gss_kex_mapping *gss_enc2oid = NULL;	56	static ssh_gss_kex_mapping *gss_enc2oid = NULL;
57		57
		58	int
		59	ssh_gssapi_oid_table_ok() {
		60	return (gss_enc2oid != NULL);
		61	}
		62
58	/*	63	/*
59	* Return a list of the gss-group1-sha1 mechanisms supported by this program	64	* Return a list of the gss-group1-sha1 mechanisms supported by this program
60	*	65	*
@@ -64,7 +69,7 @@ static ssh_gss_kex_mapping *gss_enc2oid = NULL;
64		69
65		70
66	char *	71	char *
67	ssh_gssapi_client_mechanisms(char *host) {	72	ssh_gssapi_client_mechanisms(const char *host) {
68	gss_OID_set gss_supported;	73	gss_OID_set gss_supported;
69	OM_uint32 min_status;	74	OM_uint32 min_status;
70		75
@@ -85,8 +90,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
85	const EVP_MD *evp_md = EVP_md5();	90	const EVP_MD *evp_md = EVP_md5();
86	EVP_MD_CTX md;	91	EVP_MD_CTX md;
87		92
88	evp_md = EVP_md5();
89
90	if (gss_enc2oid != NULL) {	93	if (gss_enc2oid != NULL) {
91	for (i=0;gss_enc2oid[i].encoded!=NULL;i++)	94	for (i=0;gss_enc2oid[i].encoded!=NULL;i++)
92	xfree(gss_enc2oid[i].encoded);	95	xfree(gss_enc2oid[i].encoded);
@@ -99,12 +102,13 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
99	buffer_init(&buf);	102	buffer_init(&buf);
100		103
101	oidpos = 0;	104	oidpos = 0;
102	for (i=0;i<gss_supported->count;i++) {	105	for (i = 0;i < gss_supported->count;i++) {
103	if (gss_supported->elements[i].length<128 &&	106	if (gss_supported->elements[i].length < 128 &&
104	(*check)(&(gss_supported->elements[i]), data)) {	107	(*check)(&(gss_supported->elements[i]), data)) {
105		108
106	deroid[0] = SSH_GSS_OIDTYPE;	109	deroid[0] = SSH_GSS_OIDTYPE;
107	deroid[1] = gss_supported->elements[i].length;	110	deroid[1] = gss_supported->elements[i].length;
		111
108	EVP_DigestInit(&md, evp_md);	112	EVP_DigestInit(&md, evp_md);
109	EVP_DigestUpdate(&md, deroid, 2);	113	EVP_DigestUpdate(&md, deroid, 2);
110	EVP_DigestUpdate(&md,	114	EVP_DigestUpdate(&md,
@@ -117,10 +121,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
117	encoded, EVP_MD_size(evp_md)*2);	121	encoded, EVP_MD_size(evp_md)*2);
118		122
119	if (oidpos != 0)	123	if (oidpos != 0)
120	buffer_put_char(&buf,',');	124	buffer_put_char(&buf, ',');
121		125
122	buffer_append(&buf, KEX_GSS_SHA1,	126	buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
123	sizeof(KEX_GSS_SHA1)-1);	127	sizeof(KEX_GSS_GEX_SHA1_ID)-1);
		128	buffer_append(&buf, encoded, enclen);
		129	buffer_put_char(&buf,',');
		130	buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID,
		131	sizeof(KEX_GSS_GRP1_SHA1_ID)-1);
124	buffer_append(&buf, encoded, enclen);	132	buffer_append(&buf, encoded, enclen);
125		133
126	gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);	134	gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
@@ -131,7 +139,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
131	gss_enc2oid[oidpos].oid = NULL;	139	gss_enc2oid[oidpos].oid = NULL;
132	gss_enc2oid[oidpos].encoded = NULL;	140	gss_enc2oid[oidpos].encoded = NULL;
133		141
134	buffer_put_char(&buf,'\0');	142	buffer_put_char(&buf, '\0');
135		143
136	mechs = xmalloc(buffer_len(&buf));	144	mechs = xmalloc(buffer_len(&buf));
137	buffer_get(&buf, mechs, buffer_len(&buf));	145	buffer_get(&buf, mechs, buffer_len(&buf));
@@ -146,21 +154,28 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
146	}	154	}
147		155
148	gss_OID	156	gss_OID
149	ssh_gssapi_id_kex(Gssctxt ctx, char name) {	157	ssh_gssapi_id_kex(Gssctxt ctx, char name, int *gex) {
150	int i = 0;	158	int i = 0;
151		159
152	if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) != 0)	160	if (strncmp(name, KEX_GSS_GRP1_SHA1_ID,
		161	sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
		162	name+=sizeof(KEX_GSS_GRP1_SHA1_ID)-1;
		163	*gex = 0;
		164	} else if (strncmp(name, KEX_GSS_GEX_SHA1_ID,
		165	sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
		166	name+=sizeof(KEX_GSS_GEX_SHA1_ID)-1;
		167	*gex = 1;
		168	} else {
153	return NULL;	169	return NULL;
154		170	}
155	name+=sizeof(KEX_GSS_SHA1)-1; /* Skip ID string */
156		171
157	while (gss_enc2oid[i].encoded != NULL &&	172	while (gss_enc2oid[i].encoded != NULL &&
158	strcmp(name,gss_enc2oid[i].encoded)!=0) {	173	strcmp(name, gss_enc2oid[i].encoded) != 0) {
159	i++;	174	i++;
160	}	175	}
161		176
162	if (gss_enc2oid[i].oid != NULL && ctx != NULL)	177	if (gss_enc2oid[i].oid != NULL && ctx != NULL)
163	ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);	178	ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
164		179
165	return gss_enc2oid[i].oid;	180	return gss_enc2oid[i].oid;
166	}	181	}
@@ -203,8 +218,8 @@ ssh_gssapi_error(Gssctxt *ctxt)
203	}	218	}
204		219
205	char *	220	char *
206	ssh_gssapi_last_error(Gssctxt *ctxt,	221	ssh_gssapi_last_error(Gssctxt ctxt, OM_uint32 major_status,
207	OM_uint32 major_status, OM_uint32 minor_status)	222	OM_uint32 *minor_status)
208	{	223	{
209	OM_uint32 lmin;	224	OM_uint32 lmin;
210	gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;	225	gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
@@ -422,7 +437,7 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
422	int	437	int
423	ssh_gssapi_check_mechanism(gss_OID oid, void *host) {	438	ssh_gssapi_check_mechanism(gss_OID oid, void *host) {
424	Gssctxt * ctx = NULL;	439	Gssctxt * ctx = NULL;
425	gss_buffer_desc token;	440	gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
426	OM_uint32 major, minor;	441	OM_uint32 major, minor;
427		442
428	ssh_gssapi_build_ctx(&ctx);	443	ssh_gssapi_build_ctx(&ctx);