diff options
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 58 |
1 files changed, 53 insertions, 5 deletions
| @@ -1110,10 +1110,12 @@ main(int ac, char **av) | |||
| 1110 | logit("Disabling protocol version 1. Could not load host key"); | 1110 | logit("Disabling protocol version 1. Could not load host key"); |
| 1111 | options.protocol &= ~SSH_PROTO_1; | 1111 | options.protocol &= ~SSH_PROTO_1; |
| 1112 | } | 1112 | } |
| 1113 | #ifndef GSSAPI | ||
| 1113 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { | 1114 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { |
| 1114 | logit("Disabling protocol version 2. Could not load host key"); | 1115 | logit("Disabling protocol version 2. Could not load host key"); |
| 1115 | options.protocol &= ~SSH_PROTO_2; | 1116 | options.protocol &= ~SSH_PROTO_2; |
| 1116 | } | 1117 | } |
| 1118 | #endif | ||
| 1117 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 1119 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
| 1118 | logit("sshd: no hostkeys available -- exiting."); | 1120 | logit("sshd: no hostkeys available -- exiting."); |
| 1119 | exit(1); | 1121 | exit(1); |
| @@ -1990,13 +1992,59 @@ do_ssh2_kex(void) | |||
| 1990 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 1992 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
| 1991 | 1993 | ||
| 1992 | /* start key exchange */ | 1994 | /* start key exchange */ |
| 1993 | kex = kex_setup(myproposal); | 1995 | |
| 1994 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1996 | #ifdef GSSAPI |
| 1997 | { | ||
| 1998 | char *orig; | ||
| 1999 | char *gss = NULL; | ||
| 2000 | char *newstr = NULL; | ||
| 2001 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
| 2002 | |||
| 2003 | /* | ||
| 2004 | * If we don't have a host key, then there's no point advertising | ||
| 2005 | * the other key exchange algorithms | ||
| 2006 | */ | ||
| 2007 | |||
| 2008 | if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) | ||
| 2009 | orig = NULL; | ||
| 2010 | |||
| 2011 | gss = ssh_gssapi_server_mechanisms(); | ||
| 2012 | |||
| 2013 | if (gss && orig) { | ||
| 2014 | int len = strlen(orig) + strlen(gss) + 2; | ||
| 2015 | newstr = xmalloc(len); | ||
| 2016 | snprintf(newstr, len, "%s,%s", gss, orig); | ||
| 2017 | } else if (gss) { | ||
| 2018 | newstr = gss; | ||
| 2019 | } else if (orig) { | ||
| 2020 | newstr = orig; | ||
| 2021 | } | ||
| 2022 | /* | ||
| 2023 | * If we've got GSSAPI mechanisms, then we've got the 'null' host | ||
| 2024 | * key alg, but we can't tell people about it unless its the only | ||
| 2025 | * host key algorithm we support | ||
| 2026 | */ | ||
| 2027 | if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0) | ||
| 2028 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null"; | ||
| 2029 | |||
| 2030 | if (newstr) | ||
| 2031 | myproposal[PROPOSAL_KEX_ALGS] = newstr; | ||
| 2032 | else | ||
| 2033 | fatal("No supported key exchange algorithms"); | ||
| 2034 | } | ||
| 2035 | #endif | ||
| 2036 | |||
| 2037 | /* start key exchange */ | ||
| 2038 | kex = kex_setup(myproposal); | ||
| 2039 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | ||
| 1995 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 2040 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
| 1996 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2041 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 1997 | kex->server = 1; | 2042 | #ifdef GSSAPI |
| 1998 | kex->client_version_string=client_version_string; | 2043 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; |
| 1999 | kex->server_version_string=server_version_string; | 2044 | #endif |
| 2045 | kex->server = 1; | ||
| 2046 | kex->client_version_string=client_version_string; | ||
| 2047 | kex->server_version_string=server_version_string; | ||
| 2000 | kex->load_host_key=&get_hostkey_by_type; | 2048 | kex->load_host_key=&get_hostkey_by_type; |
| 2001 | kex->host_key_index=&get_hostkey_index; | 2049 | kex->host_key_index=&get_hostkey_index; |
| 2002 | 2050 | ||