Initial revision

[gssapi-openssh.git] / openssh / kexgssc.c
diff --git a/openssh/kexgssc.c b/openssh/kexgssc.c

index 8cf27306fdbed1bd2d02b7ca111e67eb2e2ffde7..9b6e0b74c428e7cb53fb54962fc9db126efe7f3c 100644 (file)
--- a/openssh/kexgssc.c
+++ b/openssh/kexgssc.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
@@ -36,11 +36,9 @@
  #include "log.h"
  #include "packet.h"
  #include "dh.h"
+#include "canohost.h"
  #include "ssh2.h"
  #include "ssh-gss.h"
-#include "monitor_wrap.h"
-#include "canohost.h"
-
  
  void
  kexgss_client(Kex *kex)
@@ -55,15 +53,19 @@ kexgss_client(Kex *kex)
         unsigned char *kbuf;
         unsigned char *hash;
         unsigned char *serverhostkey;
+       char *msg;
+       char *lang;
         int type = 0;
         int first = 1;
         int slen = 0;
+       u_int strlen;
         
         /* Initialise our GSSAPI world */
         ssh_gssapi_build_ctx(&ctxt);
-       if (ssh_gssapi_id_kex(ctxt,kex->name)==NULL) {
+       if (ssh_gssapi_client_id_kex(ctxt,kex->name)==NULL) {
                 fatal("Couldn't identify host exchange");
         }
+
         if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1))) {
                 fatal("Couldn't import hostname ");
         }
@@ -91,8 +93,13 @@ kexgss_client(Kex *kex)
                                                &ret_flags);
  
                 if (GSS_ERROR(maj_status)) {
+                       if (send_tok.length!=0) {
+                               packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+                               packet_put_string(send_tok.value,
+                                                 send_tok.length);
+                       }                         
                         fatal("gss_init_context failed");
-               } 
+               }
  
                 /* If we've got an old receive buffer get rid of it */
                 if (token_ptr != GSS_C_NO_BUFFER)
@@ -141,20 +148,20 @@ kexgss_client(Kex *kex)
                                 debug("Received GSSAPI_CONTINUE");
                                 if (maj_status == GSS_S_COMPLETE) 
                                         fatal("GSSAPI Continue received from server when complete");
-                               recv_tok.value=packet_get_string(&slen);
-                               recv_tok.length=slen; /* int vs. size_t */
+                               recv_tok.value=packet_get_string(&strlen);
+                               recv_tok.length=strlen; /* u_int vs. size_t */
                                 break;
                         case SSH2_MSG_KEXGSS_COMPLETE:
                                 debug("Received GSSAPI_COMPLETE");
                                 packet_get_bignum2(dh_server_pub);
-                               msg_tok.value=packet_get_string(&slen);
-                               msg_tok.length=slen; /* int vs. size_t */
+                               msg_tok.value=packet_get_string(&strlen);
+                               msg_tok.length=strlen; /* u_int vs. size_t */
  
                                 /* Is there a token included? */
                                 if (packet_get_char()) {
                                         recv_tok.value=
-                                           packet_get_string(&slen);
-                                       recv_tok.length=slen; /* int/size_t */
+                                           packet_get_string(&strlen);
+                                       recv_tok.length=strlen; /*u_int/size_t*/
                                         /* If we're already complete - protocol error */
                                         if (maj_status == GSS_S_COMPLETE)
                                                 packet_disconnect("Protocol error: received token when complete");
@@ -164,13 +171,24 @@ kexgss_client(Kex *kex)
                                                 packet_disconnect("Protocol error: did not receive final token");
                                 }
                                 break;
+                       case SSH2_MSG_KEXGSS_ERROR:
+                               debug("Received Error");
+                               maj_status=packet_get_int();
+                               min_status=packet_get_int();
+                               msg=packet_get_string(NULL);
+                               lang=packet_get_string(NULL);
+                               fatal("GSSAPI Key Exchange Error: \n%s",msg);
                         default:
                                 packet_disconnect("Protocol error: didn't expect packet type %d",
                                 type);
                         }
                         token_ptr=&recv_tok;
+               } else {
+                       /* No data, and not complete */
+                       if (maj_status!=GSS_S_COMPLETE) {
+                               fatal("Not complete, and no token output");
+                       }
                 }
-
         } while (maj_status & GSS_S_CONTINUE_NEEDED);
         
         /* We _must_ have received a COMPLETE message in reply from the 
@@ -193,8 +211,8 @@ kexgss_client(Kex *kex)
          memset(kbuf, 0, klen);
          xfree(kbuf);
          
-       slen=0;
-        hash = kex_gssapi_hash(
+        /* The GSS hash is identical to the DH one */
+        hash = kex_dh_hash(
             kex->client_version_string,
              kex->server_version_string,
              buffer_ptr(&kex->my), buffer_len(&kex->my),