diff options
Diffstat (limited to 'kexgsss.c')
| -rw-r--r-- | kexgsss.c | 25 |
1 files changed, 21 insertions, 4 deletions
| @@ -1,5 +1,5 @@ | |||
| 1 | /* | 1 | /* |
| 2 | * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. | 2 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
| 3 | * | 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without | 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions | 5 | * modification, are permitted provided that the following conditions |
| @@ -42,6 +42,9 @@ | |||
| 42 | #include "dh.h" | 42 | #include "dh.h" |
| 43 | #include "ssh-gss.h" | 43 | #include "ssh-gss.h" |
| 44 | #include "monitor_wrap.h" | 44 | #include "monitor_wrap.h" |
| 45 | #include "servconf.h" | ||
| 46 | |||
| 47 | extern ServerOptions options; | ||
| 45 | 48 | ||
| 46 | void | 49 | void |
| 47 | kexgss_server(Kex *kex) | 50 | kexgss_server(Kex *kex) |
| @@ -67,6 +70,7 @@ kexgss_server(Kex *kex) | |||
| 67 | BIGNUM *dh_client_pub = NULL; | 70 | BIGNUM *dh_client_pub = NULL; |
| 68 | int type = 0; | 71 | int type = 0; |
| 69 | gss_OID oid; | 72 | gss_OID oid; |
| 73 | char *mechs; | ||
| 70 | 74 | ||
| 71 | /* Initialise GSSAPI */ | 75 | /* Initialise GSSAPI */ |
| 72 | 76 | ||
| @@ -75,7 +79,8 @@ kexgss_server(Kex *kex) | |||
| 75 | * into life | 79 | * into life |
| 76 | */ | 80 | */ |
| 77 | if (!ssh_gssapi_oid_table_ok()) | 81 | if (!ssh_gssapi_oid_table_ok()) |
| 78 | ssh_gssapi_server_mechanisms(); | 82 | if ((mechs = ssh_gssapi_server_mechanisms())) |
| 83 | xfree(mechs); | ||
| 79 | 84 | ||
| 80 | debug2("%s: Identifying %s", __func__, kex->name); | 85 | debug2("%s: Identifying %s", __func__, kex->name); |
| 81 | oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); | 86 | oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); |
| @@ -191,9 +196,16 @@ kexgss_server(Kex *kex) | |||
| 191 | klen = DH_size(dh); | 196 | klen = DH_size(dh); |
| 192 | kbuf = xmalloc(klen); | 197 | kbuf = xmalloc(klen); |
| 193 | kout = DH_compute_key(kbuf, dh_client_pub, dh); | 198 | kout = DH_compute_key(kbuf, dh_client_pub, dh); |
| 199 | if (kout < 0) | ||
| 200 | fatal("DH_compute_key: failed"); | ||
| 194 | 201 | ||
| 195 | shared_secret = BN_new(); | 202 | shared_secret = BN_new(); |
| 196 | BN_bin2bn(kbuf, kout, shared_secret); | 203 | if (shared_secret == NULL) |
| 204 | fatal("kexgss_server: BN_new failed"); | ||
| 205 | |||
| 206 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | ||
| 207 | fatal("kexgss_server: BN_bin2bn failed"); | ||
| 208 | |||
| 197 | memset(kbuf, 0, klen); | 209 | memset(kbuf, 0, klen); |
| 198 | xfree(kbuf); | 210 | xfree(kbuf); |
| 199 | 211 | ||
| @@ -228,7 +240,7 @@ kexgss_server(Kex *kex) | |||
| 228 | fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); | 240 | fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type); |
| 229 | } | 241 | } |
| 230 | 242 | ||
| 231 | BN_free(dh_client_pub); | 243 | BN_clear_free(dh_client_pub); |
| 232 | 244 | ||
| 233 | if (kex->session_id == NULL) { | 245 | if (kex->session_id == NULL) { |
| 234 | kex->session_id_len = hashlen; | 246 | kex->session_id_len = hashlen; |
| @@ -267,5 +279,10 @@ kexgss_server(Kex *kex) | |||
| 267 | kex_derive_keys(kex, hash, hashlen, shared_secret); | 279 | kex_derive_keys(kex, hash, hashlen, shared_secret); |
| 268 | BN_clear_free(shared_secret); | 280 | BN_clear_free(shared_secret); |
| 269 | kex_finish(kex); | 281 | kex_finish(kex); |
| 282 | |||
| 283 | /* If this was a rekey, then save out any delegated credentials we | ||
| 284 | * just exchanged. */ | ||
| 285 | if (options.gss_store_rekey) | ||
| 286 | ssh_gssapi_rekey_creds(); | ||
| 270 | } | 287 | } |
| 271 | #endif /* GSSAPI */ | 288 | #endif /* GSSAPI */ |