Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c71
1 files changed, 62 insertions, 9 deletions
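--- a/sshd.c
+++ b/sshd.c
@@ -377,7 +377,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 major = PROTOCOL_MAJOR_1;
 minor = PROTOCOL_MINOR_1;
 }
-snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
+snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_RELEASE);
 server_version_string = xstrdup(buf);
 
 /* Send our protocol version identification. */
@@ -962,7 +962,12 @@ main(int ac, char **av)
 /* ignored */
 break;
 case 'q':
-options.log_level = SYSLOG_LEVEL_QUIET;
+if (options.log_level == SYSLOG_LEVEL_QUIET) {
+options.log_level = SYSLOG_LEVEL_SILENT;
+}
+else if (options.log_level != SYSLOG_LEVEL_SILENT) {
+options.log_level = SYSLOG_LEVEL_QUIET;
+}
 break;
 case 'b':
 options.server_key_bits = atoi(optarg);
@@ -1123,10 +1128,12 @@ main(int ac, char **av)
 logit("Disabling protocol version 1. Could not load host key");
 options.protocol &= ~SSH_PROTO_1;
 }
+#ifndef GSSAPI
 if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
 logit("Disabling protocol version 2. Could not load host key");
 options.protocol &= ~SSH_PROTO_2;
 }
+#endif
 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
 logit("sshd: no hostkeys available -- exiting.");
 exit(1);
@@ -1313,7 +1320,7 @@ main(int ac, char **av)
 
 /* Bind the socket to the desired port. */
 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
-if (!ai->ai_next)
+if (!num_listen_socks && !ai->ai_next)
 error("Bind to port %s on %s failed: %.200s.",
 strport, ntop, strerror(errno));
 close(listen_sock);
@@ -1632,7 +1639,7 @@ main(int ac, char **av)
 * Register our connection. This turns encryption off because we do
 * not have a key.
 */
-packet_set_connection(sock_in, sock_out);
+packet_set_connection(sock_in, sock_out, -1);
 packet_set_server();
 
 /* Set SO_KEEPALIVE if requested. */
@@ -2028,13 +2035,59 @@ do_ssh2_kex(void)
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
 /* start key exchange */
-kex = kex_setup(myproposal);
-kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+
+#ifdef GSSAPI
+{
+char *orig;
+char *gss = NULL;
+char *newstr = NULL;
+orig = myproposal[PROPOSAL_KEX_ALGS];
+
+/*
+* If we don't have a host key, then there's no point advertising
+* the other key exchange algorithms
+*/
+
+if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+orig = NULL;
+
+gss = ssh_gssapi_server_mechanisms();
+
+if (gss && orig) {
+int len = strlen(orig) + strlen(gss) + 2;
+newstr = xmalloc(len);
+snprintf(newstr, len, "%s,%s", gss, orig);
+} else if (gss) {
+newstr = gss;
+} else if (orig) {
+newstr = orig;
+}
+/*
+* If we've got GSSAPI mechanisms, then we've got the 'null' host
+* key alg, but we can't tell people about it unless its the only
+* host key algorithm we support
+*/
+if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
+myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+
+if (newstr)
+myproposal[PROPOSAL_KEX_ALGS] = newstr;
+else
+fatal("No supported key exchange algorithms");
+}
+#endif
+
+/* start key exchange */
+kex = kex_setup(myproposal);
+kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
 kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
-kex->server = 1;
-kex->client_version_string=client_version_string;
-kex->server_version_string=server_version_string;
+#ifdef GSSAPI
+kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+#endif
+kex->server = 1;
+kex->client_version_string=client_version_string;
+kex->server_version_string=server_version_string;
 kex->load_host_key=&get_hostkey_by_type;
 kex->host_key_index=&get_hostkey_index;
 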
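Review bot: The `#ifndef GSSAPI` wrapped around the "Disabling protocol version 2" check (new lines 1131–1136) skips the startup host-key check whenever GSSAPI is compiled in, not only when a GSS mechanism is actually available, so a server with neither a protocol 2 host key nor a usable mechanism now starts normally and only fails later in do_ssh2_kex with `fatal("No supported key exchange algorithms")`, presumably once per accepted connection rather than once at startup. A comment at the `#ifndef` stating the trade-off, e.g. `/* With GSSAPI a protocol 2 host key is optional: do_ssh2_kex offers the "null" host key alg and fatal()s if no kex is possible */`, would make that deliberate. In the new block at 2040–2077, `int len = strlen(orig) + strlen(gss) + 2;` should be `size_t len`, and on the `gss && orig` path the `gss` string is copied into `newstr` but never released, which is a leak per kex if ssh_gssapi_server_mechanisms() returns heap memory — the code's own `gss &&` tests show it can also return NULL, so the ownership contract should be stated where it is called. Both main and do_ssh2_kex continue outside their hunks.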