Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 50 |
1 files changed, 23 insertions, 27 deletions
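--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -168,26 +168,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 xxx_host = host;
 xxx_hostaddr = hostaddr;
 
-#ifdef GSSAPI
-if (options.gss_keyex) {
-/* Add the GSSAPI mechanisms currently supported on this
-* client to the key exchange algorithm proposal */
-orig = myproposal[PROPOSAL_KEX_ALGS];
-
-if (options.gss_trust_dns)
-gss_host = (char *)get_canonical_hostname(1);
-else
-gss_host = host;
-
-gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
-if (gss) {
-debug("Offering GSSAPI proposal: %s", gss);
-xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
-"%s,%s", gss, orig);
-}
-}
-#endif
-
 myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
 options.kex_algorithms);
 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -219,13 +199,29 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 }
 
 #ifdef GSSAPI
-/* If we've got GSSAPI algorithms, then we also support the
-* 'null' hostkey, as a last resort */
-if (options.gss_keyex && gss) {
-orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
-xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
-"%s,null", orig);
-free(gss);
+if (options.gss_keyex) {
+/* Add the GSSAPI mechanisms currently supported on this
+* client to the key exchange algorithm proposal */
+orig = myproposal[PROPOSAL_KEX_ALGS];
+
+if (options.gss_trust_dns)
+gss_host = (char *)get_canonical_hostname(1);
+else
+gss_host = host;
+
+gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
+if (gss) {
+debug("Offering GSSAPI proposal: %s", gss);
+xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+"%s,%s", gss, orig);
+
+/* If we've got GSSAPI algorithms, then we also
+* support the 'null' hostkey, as a last resort */
+orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
+"%s,null", orig);
+free(gss);
+}
 }
 #endif
 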
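Review bot: The `"%s,null"` append at the end of the relocated GSSAPI block offers a host key algorithm that carries no server key, so server authentication then rests entirely on a GSSAPI key exchange actually being negotiated; nothing visible in this section shows that `null` is refused when a non-GSS kex is selected. If that check lives elsewhere, the comment should say so, e.g. `/* 'null' is only acceptable together with a gss-* kex; host key verification must reject it otherwise */`. Separately, both `orig` values are replaced by `xasprintf` results without being released; whether they are heap-allocated at this point is not visible here, so confirm and add `free(orig);` after each `xasprintf` if they are. ssh_kex2 begins and ends outside the hunks shown.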