Diffstat (limited to 'kexgssc.c')
-rw-r--r--kexgssc.c25
1 files changed, 20 insertions, 5 deletions
diff --git a/kexgssc.c b/kexgssc.c
index 7c4a56f45..39be40531 100644
--- a/kexgssc.c
+++ b/kexgssc.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. 2 * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
@@ -59,6 +59,7 @@ kexgss_client(Kex *kex) {
59 BIGNUM *g = NULL; 59 BIGNUM *g = NULL;
60 u_char *kbuf, *hash; 60 u_char *kbuf, *hash;
61 u_char *serverhostkey = NULL; 61 u_char *serverhostkey = NULL;
62 u_char *empty = "";
62 char *msg; 63 char *msg;
63 char *lang; 64 char *lang;
64 int type = 0; 65 int type = 0;
@@ -73,7 +74,11 @@ kexgss_client(Kex *kex) {
73 74
74 if (ssh_gssapi_import_name(ctxt, kex->gss_host)) 75 if (ssh_gssapi_import_name(ctxt, kex->gss_host))
75 fatal("Couldn't import hostname"); 76 fatal("Couldn't import hostname");
76 77
78 if (kex->gss_client &&
79 ssh_gssapi_client_identity(ctxt, kex->gss_client))
80 fatal("Couldn't acquire client credentials");
81
77 switch (kex->kex_type) { 82 switch (kex->kex_type) {
78 case KEX_GSS_GRP1_SHA1: 83 case KEX_GSS_GRP1_SHA1:
79 dh = dh_new_group1(); 84 dh = dh_new_group1();
@@ -245,9 +250,16 @@ kexgss_client(Kex *kex) {
245 klen = DH_size(dh); 250 klen = DH_size(dh);
246 kbuf = xmalloc(klen); 251 kbuf = xmalloc(klen);
247 kout = DH_compute_key(kbuf, dh_server_pub, dh); 252 kout = DH_compute_key(kbuf, dh_server_pub, dh);
253 if (kout < 0)
254 fatal("DH_compute_key: failed");
248 255
249 shared_secret = BN_new(); 256 shared_secret = BN_new();
250 BN_bin2bn(kbuf,kout, shared_secret); 257 if (shared_secret == NULL)
258 fatal("kexgss_client: BN_new failed");
259
260 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
261 fatal("kexdh_client: BN_bin2bn failed");
262
251 memset(kbuf, 0, klen); 263 memset(kbuf, 0, klen);
252 xfree(kbuf); 264 xfree(kbuf);
253 265
@@ -258,7 +270,7 @@ kexgss_client(Kex *kex) {
258 kex->server_version_string, 270 kex->server_version_string,
259 buffer_ptr(&kex->my), buffer_len(&kex->my), 271 buffer_ptr(&kex->my), buffer_len(&kex->my),
260 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 272 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
261 serverhostkey, slen, /* server host key */ 273 (serverhostkey ? serverhostkey : empty), slen,
262 dh->pub_key, /* e */ 274 dh->pub_key, /* e */
263 dh_server_pub, /* f */ 275 dh_server_pub, /* f */
264 shared_secret, /* K */ 276 shared_secret, /* K */
@@ -272,7 +284,7 @@ kexgss_client(Kex *kex) {
272 kex->server_version_string, 284 kex->server_version_string,
273 buffer_ptr(&kex->my), buffer_len(&kex->my), 285 buffer_ptr(&kex->my), buffer_len(&kex->my),
274 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 286 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
275 serverhostkey, slen, 287 (serverhostkey ? serverhostkey : empty), slen,
276 min, nbits, max, 288 min, nbits, max,
277 dh->p, dh->g, 289 dh->p, dh->g,
278 dh->pub_key, 290 dh->pub_key,
@@ -306,6 +318,9 @@ kexgss_client(Kex *kex) {
306 memcpy(kex->session_id, hash, kex->session_id_len); 318 memcpy(kex->session_id, hash, kex->session_id_len);
307 } 319 }
308 320
321 if (kex->gss_deleg_creds)
322 ssh_gssapi_credentials_updated(ctxt);
323
309 if (gss_kex_context == NULL) 324 if (gss_kex_context == NULL)
310 gss_kex_context = ctxt; 325 gss_kex_context = ctxt;
311 else 326 else
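Review bot: The added `if (kout < 0)` guard after `DH_compute_key()` (new lines 252-254) is only effective if `kout` is a signed type. Its declaration is outside the visible hunks; if it is unsigned, the comparison is always false and a failure return would still be passed as the length to `BN_bin2bn(kbuf, kout, shared_secret)`. Capturing the return value in a local `int`, testing that, and only then assigning it to `kout` makes the check hold however `kout` is declared. In the same hunk the message `fatal("kexdh_client: BN_bin2bn failed");` names the wrong function and should read `fatal("kexgss_client: BN_bin2bn failed");` so the log points at the GSS key exchange. The body of kexgss_client starts and ends outside these hunks.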