Diffstat (limited to 'kexgsss.c')
-rw-r--r-- | kexgsss.c | 25 |
1 files changed, 21 insertions, 4 deletions
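--- a/kexgsss.c
+++ b/kexgsss.c
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
+* Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -42,6 +42,9 @@
 #include "dh.h"
 #include "ssh-gss.h"
 #include "monitor_wrap.h"
+#include "servconf.h"
+
+extern ServerOptions options;
 
 void
 kexgss_server(Kex *kex)
@@ -67,6 +70,7 @@ kexgss_server(Kex *kex)
 BIGNUM *dh_client_pub = NULL;
 int type = 0;
 gss_OID oid;
+char *mechs;
 
 /* Initialise GSSAPI */
 
@@ -75,7 +79,8 @@ kexgss_server(Kex *kex)
 * into life
 */
 if (!ssh_gssapi_oid_table_ok())
-ssh_gssapi_server_mechanisms();
+if ((mechs = ssh_gssapi_server_mechanisms()))
+xfree(mechs);
 
 debug2("%s: Identifying %s", __func__, kex->name);
 oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
@@ -191,9 +196,16 @@ kexgss_server(Kex *kex)
 klen = DH_size(dh);
 kbuf = xmalloc(klen);
 kout = DH_compute_key(kbuf, dh_client_pub, dh);
+if (kout < 0)
+fatal("DH_compute_key: failed");
 
 shared_secret = BN_new();
-BN_bin2bn(kbuf, kout, shared_secret);
+if (shared_secret == NULL)
+fatal("kexgss_server: BN_new failed");
+
+if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+fatal("kexgss_server: BN_bin2bn failed");
+
 memset(kbuf, 0, klen);
 xfree(kbuf);
 
@@ -228,7 +240,7 @@ kexgss_server(Kex *kex)
 fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
 }
 
-BN_free(dh_client_pub);
+BN_clear_free(dh_client_pub);
 
 if (kex->session_id == NULL) {
 kex->session_id_len = hashlen;
@@ -267,5 +279,10 @@ kexgss_server(Kex *kex)
 kex_derive_keys(kex, hash, hashlen, shared_secret);
 BN_clear_free(shared_secret);
 kex_finish(kex);
+
+/* If this was a rekey, then save out any delegated credentials we
+ * just exchanged. */
+if (options.gss_store_rekey)
+ssh_gssapi_rekey_creds();
 }
 #endif /* GSSAPI */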
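Review bot: The new guard at the end of kexgss_server, `if (options.gss_store_rekey)`, tests only the server option, yet the comment above it says credentials are stored "if this was a rekey"; nothing in the hunk distinguishes the initial exchange from a rekey, so unless ssh_gssapi_rekey_creds() makes that distinction internally the store also runs on the first exchange, on every GSSAPI key exchange the option enables. The earlier hunk shows the function already observing that distinction via `if (kex->session_id == NULL)`, so the condition could be made explicit by recording `int rekey = (kex->session_id != NULL);` before session_id is assigned and testing `if (rekey && options.gss_store_rekey)`; if the helper does its own check, the comment should instead say so, e.g. `/* ssh_gssapi_rekey_creds() is a no-op unless credentials were delegated during a rekey. */`. Since this file goes through monitor_wrap.h, it is also worth confirming that the process running this path has the privileges needed to write the credential store rather than relying on the monitor to do it. kexgss_server begins outside this hunk.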