From e315f6fb201d79e9ea9c363d9d18c9bf9b6f65ab Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 7 Oct 2005 11:13:12 +0000
Subject: * Only send GSSAPI proposal if GSSAPIAuthentication is enabled.

---
 sshconnect2.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

(limited to 'sshconnect2.c')

diff --git a/sshconnect2.c b/sshconnect2.c
index 601a49429..579e60c1c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -85,7 +85,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	Kex *kex;
 
 #ifdef GSSAPI
-	char *orig, *gss;
+	char *orig, *gss = NULL;
 	int len;
 #endif
 
@@ -93,14 +93,16 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	xxx_hostaddr = hostaddr;
 
 #ifdef GSSAPI
-	orig = myproposal[PROPOSAL_KEX_ALGS];
-	gss = ssh_gssapi_client_mechanisms(get_canonical_hostname(1));
-	debug("Offering GSSAPI proposal: %s",gss);
-	if (gss) {
-		len = strlen(orig) + strlen(gss) + 2;
-		myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len);
-		snprintf(myproposal[PROPOSAL_KEX_ALGS], len, "%s,%s", gss, 
-		    orig);
+	if (options.gss_authentication) {
+		orig = myproposal[PROPOSAL_KEX_ALGS];
+		gss = ssh_gssapi_client_mechanisms(get_canonical_hostname(1));
+		debug("Offering GSSAPI proposal: %s",gss);
+		if (gss) {
+			len = strlen(orig) + strlen(gss) + 2;
+			myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len);
+			snprintf(myproposal[PROPOSAL_KEX_ALGS], len, "%s,%s",
+			    gss, orig);
+		}
 	}
 #endif
 
@@ -150,7 +152,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 #ifdef GSSAPI
-	kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
+	if (options.gss_authentication)
+		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
 #endif
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;
-- 
cgit v1.2.3