Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 71 |
1 files changed, 62 insertions, 9 deletions
@@ -377,7 +377,7 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
377 | major = PROTOCOL_MAJOR_1; | 377 | major = PROTOCOL_MAJOR_1; |
378 | minor = PROTOCOL_MINOR_1; | 378 | minor = PROTOCOL_MINOR_1; |
379 | } | 379 | } |
380 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION); | 380 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_RELEASE); |
381 | server_version_string = xstrdup(buf); | 381 | server_version_string = xstrdup(buf); |
382 | 382 | ||
383 | /* Send our protocol version identification. */ | 383 | /* Send our protocol version identification. */ |
@@ -962,7 +962,12 @@ main(int ac, char **av) | |||
962 | /* ignored */ | 962 | /* ignored */ |
963 | break; | 963 | break; |
964 | case 'q': | 964 | case 'q': |
965 | options.log_level = SYSLOG_LEVEL_QUIET; | 965 | if (options.log_level == SYSLOG_LEVEL_QUIET) { |
966 | options.log_level = SYSLOG_LEVEL_SILENT; | ||
967 | } | ||
968 | else if (options.log_level != SYSLOG_LEVEL_SILENT) { | ||
969 | options.log_level = SYSLOG_LEVEL_QUIET; | ||
970 | } | ||
966 | break; | 971 | break; |
967 | case 'b': | 972 | case 'b': |
968 | options.server_key_bits = atoi(optarg); | 973 | options.server_key_bits = atoi(optarg); |
@@ -1123,10 +1128,12 @@ main(int ac, char **av) | |||
1123 | logit("Disabling protocol version 1. Could not load host key"); | 1128 | logit("Disabling protocol version 1. Could not load host key"); |
1124 | options.protocol &= ~SSH_PROTO_1; | 1129 | options.protocol &= ~SSH_PROTO_1; |
1125 | } | 1130 | } |
1131 | #ifndef GSSAPI | ||
1126 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { | 1132 | if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { |
1127 | logit("Disabling protocol version 2. Could not load host key"); | 1133 | logit("Disabling protocol version 2. Could not load host key"); |
1128 | options.protocol &= ~SSH_PROTO_2; | 1134 | options.protocol &= ~SSH_PROTO_2; |
1129 | } | 1135 | } |
1136 | #endif | ||
1130 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 1137 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
1131 | logit("sshd: no hostkeys available -- exiting."); | 1138 | logit("sshd: no hostkeys available -- exiting."); |
1132 | exit(1); | 1139 | exit(1); |
@@ -1313,7 +1320,7 @@ main(int ac, char **av) | |||
1313 | 1320 | ||
1314 | /* Bind the socket to the desired port. */ | 1321 | /* Bind the socket to the desired port. */ |
1315 | if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { | 1322 | if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { |
1316 | if (!ai->ai_next) | 1323 | if (!num_listen_socks && !ai->ai_next) |
1317 | error("Bind to port %s on %s failed: %.200s.", | 1324 | error("Bind to port %s on %s failed: %.200s.", |
1318 | strport, ntop, strerror(errno)); | 1325 | strport, ntop, strerror(errno)); |
1319 | close(listen_sock); | 1326 | close(listen_sock); |
@@ -1632,7 +1639,7 @@ main(int ac, char **av) | |||
1632 | * Register our connection. This turns encryption off because we do | 1639 | * Register our connection. This turns encryption off because we do |
1633 | * not have a key. | 1640 | * not have a key. |
1634 | */ | 1641 | */ |
1635 | packet_set_connection(sock_in, sock_out); | 1642 | packet_set_connection(sock_in, sock_out, -1); |
1636 | packet_set_server(); | 1643 | packet_set_server(); |
1637 | 1644 | ||
1638 | /* Set SO_KEEPALIVE if requested. */ | 1645 | /* Set SO_KEEPALIVE if requested. */ |
@@ -2028,13 +2035,59 @@ do_ssh2_kex(void) | |||
2028 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2035 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
2029 | 2036 | ||
2030 | /* start key exchange */ | 2037 | /* start key exchange */ |
2031 | kex = kex_setup(myproposal); | 2038 | |
2032 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 2039 | #ifdef GSSAPI |
2040 | { | ||
2041 | char *orig; | ||
2042 | char *gss = NULL; | ||
2043 | char *newstr = NULL; | ||
2044 | orig = myproposal[PROPOSAL_KEX_ALGS]; | ||
2045 | |||
2046 | /* | ||
2047 | * If we don't have a host key, then there's no point advertising | ||
2048 | * the other key exchange algorithms | ||
2049 | */ | ||
2050 | |||
2051 | if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) | ||
2052 | orig = NULL; | ||
2053 | |||
2054 | gss = ssh_gssapi_server_mechanisms(); | ||
2055 | |||
2056 | if (gss && orig) { | ||
2057 | int len = strlen(orig) + strlen(gss) + 2; | ||
2058 | newstr = xmalloc(len); | ||
2059 | snprintf(newstr, len, "%s,%s", gss, orig); | ||
2060 | } else if (gss) { | ||
2061 | newstr = gss; | ||
2062 | } else if (orig) { | ||
2063 | newstr = orig; | ||
2064 | } | ||
2065 | /* | ||
2066 | * If we've got GSSAPI mechanisms, then we've got the 'null' host | ||
2067 | * key alg, but we can't tell people about it unless its the only | ||
2068 | * host key algorithm we support | ||
2069 | */ | ||
2070 | if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0) | ||
2071 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null"; | ||
2072 | |||
2073 | if (newstr) | ||
2074 | myproposal[PROPOSAL_KEX_ALGS] = newstr; | ||
2075 | else | ||
2076 | fatal("No supported key exchange algorithms"); | ||
2077 | } | ||
2078 | #endif | ||
2079 | |||
2080 | /* start key exchange */ | ||
2081 | kex = kex_setup(myproposal); | ||
2082 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | ||
2033 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 2083 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
2034 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2084 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
2035 | kex->server = 1; | 2085 | #ifdef GSSAPI |
2036 | kex->client_version_string=client_version_string; | 2086 | kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; |
2037 | kex->server_version_string=server_version_string; | 2087 | #endif |
2088 | kex->server = 1; | ||
2089 | kex->client_version_string=client_version_string; | ||
2090 | kex->server_version_string=server_version_string; | ||
2038 | kex->load_host_key=&get_hostkey_by_type; | 2091 | kex->load_host_key=&get_hostkey_by_type; |
2039 | kex->host_key_index=&get_hostkey_index; | 2092 | kex->host_key_index=&get_hostkey_index; |
2040 | 2093 | ||
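Review bot: The `fatal("No supported key exchange algorithms")` at the end of the new GSSAPI block in do_ssh2_kex is now the only guard for a GSSAPI build with no SSH-2 host key, because the earlier hunk wraps the startup "Disabling protocol version 2" check in `#ifndef GSSAPI`; if ssh_gssapi_server_mechanisms() returns NULL at runtime (no usable mechanism), sshd starts and listens but every SSH-2 connection dies after the version exchange instead of the daemon refusing to start. I would keep the startup check in GSSAPI builds and only waive it when a mechanism is actually present, e.g. `if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key && ssh_gssapi_server_mechanisms() == NULL)`, assuming that call is safe before the listen loop, which this diff does not show. The `newstr` from xmalloc and the presumably heap-allocated `gss` are never freed after kex_setup(); harmless in a per-connection child, but worth either a free or a `/* kex_setup() copies the proposal; newstr/gss live until exit */` comment, and `len` holding strlen() sums should be `size_t` rather than `int`. do_ssh2_kex begins before and continues past this hunk.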