/*
- * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#ifdef GSSAPI
+#include <string.h>
+
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include "xmalloc.h"
#include "buffer.h"
-#include "bufaux.h"
-#include "cipher.h"
+#include "ssh2.h"
#include "key.h"
+#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
-#include "ssh2.h"
#include "ssh-gss.h"
#include "monitor_wrap.h"
BIGNUM *shared_secret = NULL;
BIGNUM *dh_client_pub = NULL;
int type = 0;
- int gex;
gss_OID oid;
-
+
/* Initialise GSSAPI */
/* If we're rekeying, privsep means that some of the private structures
* in the GSSAPI code are no longer available. This kludges them back
- * into life
+ * into life
*/
if (!ssh_gssapi_oid_table_ok())
ssh_gssapi_server_mechanisms();
debug2("%s: Identifying %s", __func__, kex->name);
- oid = ssh_gssapi_id_kex(NULL, kex->name, &gex);
- if (oid == NULL)
+ oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
+ if (oid == GSS_C_NO_OID)
fatal("Unknown gssapi mechanism");
debug2("%s: Acquiring credentials", __func__);
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) {
kex_gss_send_error(ctxt);
- fatal("Unable to acquire credentials for the server");
- }
-
- if (gex) {
+ fatal("Unable to acquire credentials for the server");
+ }
+
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ dh = dh_new_group1();
+ break;
+ case KEX_GSS_GRP14_SHA1:
+ dh = dh_new_group14();
+ break;
+ case KEX_GSS_GEX_SHA1:
debug("Doing group exchange");
packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
min = packet_get_int();
packet_send();
packet_write_wait();
-
- } else {
- dh = dh_new_group1();
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
+
dh_gen_key(dh, kex->we_need * 8);
do {
memset(kbuf, 0, klen);
xfree(kbuf);
- if (gex) {
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ case KEX_GSS_GRP14_SHA1:
+ kex_dh_hash(
+ kex->client_version_string, kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ NULL, 0, /* Change this if we start sending host keys */
+ dh_client_pub, dh->pub_key, shared_secret,
+ &hash, &hashlen
+ );
+ break;
+ case KEX_GSS_GEX_SHA1:
kexgex_hash(
kex->evp_md,
kex->client_version_string, kex->server_version_string,
shared_secret,
&hash, &hashlen
);
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
- else {
- /* The GSSAPI hash is identical to the Diffie Helman one */
- kex_dh_hash(
- kex->client_version_string, kex->server_version_string,
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- NULL, 0, /* Change this if we start sending host keys */
- dh_client_pub, dh->pub_key, shared_secret,
- &hash, &hashlen
- );
- }
+
BN_free(dh_client_pub);
if (kex->session_id == NULL) {