#include "monitor_wrap.h"
#include "servconf.h"
+static void kex_gss_send_error(Gssctxt *ctxt);
extern ServerOptions options;
void
debug2("%s: Acquiring credentials", __func__);
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid))))
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) {
+ kex_gss_send_error(ctxt);
fatal("Unable to acquire credentials for the server");
+ }
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
if (maj_status & GSS_S_CONTINUE_NEEDED) {
debug("Sending GSSAPI_CONTINUE");
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
- packet_put_string(send_tok.value, send_tok.length);
+ packet_put_string((char *)send_tok.value, send_tok.length);
packet_send();
gss_release_buffer(&min_status, &send_tok);
}
} while (maj_status & GSS_S_CONTINUE_NEEDED);
if (GSS_ERROR(maj_status)) {
+ kex_gss_send_error(ctxt);
if (send_tok.length > 0) {
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
- packet_put_string(send_tok.value, send_tok.length);
+ packet_put_string((char *)send_tok.value, send_tok.length);
packet_send();
}
- fatal("accept_ctx died");
+ packet_disconnect("GSSAPI Key Exchange handshake failed");
}
if (!(ret_flags & GSS_C_MUTUAL_FLAG))
packet_start(SSH2_MSG_KEXGSS_COMPLETE);
packet_put_bignum2(dh->pub_key);
- packet_put_string(msg_tok.value,msg_tok.length);
+ packet_put_string((char *)msg_tok.value,msg_tok.length);
if (send_tok.length != 0) {
packet_put_char(1); /* true */
- packet_put_string(send_tok.value, send_tok.length);
+ packet_put_string((char *)send_tok.value, send_tok.length);
} else {
packet_put_char(0); /* false */
}
if (options.gss_store_rekey)
ssh_gssapi_rekey_creds();
}
+
+static void
+kex_gss_send_error(Gssctxt *ctxt) {
+ char *errstr;
+ OM_uint32 maj,min;
+
+ errstr=PRIVSEP(ssh_gssapi_last_error(ctxt,&maj,&min));
+ if (errstr) {
+ packet_start(SSH2_MSG_KEXGSS_ERROR);
+ packet_put_int(maj);
+ packet_put_int(min);
+ packet_put_cstring(errstr);
+ packet_put_cstring("");
+ packet_send();
+ packet_write_wait();
+ /* XXX - We should probably log the error locally here */
+ xfree(errstr);
+ }
+}
#endif /* GSSAPI */