/*
- * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#include "log.h"
#include "packet.h"
#include "dh.h"
+#include "canohost.h"
#include "ssh2.h"
#include "ssh-gss.h"
-#include "monitor_wrap.h"
-#include "canohost.h"
-
void
kexgss_client(Kex *kex)
unsigned char *kbuf;
unsigned char *hash;
unsigned char *serverhostkey;
+ char *msg;
+ char *lang;
int type = 0;
int first = 1;
int slen = 0;
+ u_int strlen;
/* Initialise our GSSAPI world */
ssh_gssapi_build_ctx(&ctxt);
- if (ssh_gssapi_id_kex(ctxt,kex->name)==NULL) {
+ if (ssh_gssapi_client_id_kex(ctxt,kex->name)==NULL) {
fatal("Couldn't identify host exchange");
}
+
if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1))) {
fatal("Couldn't import hostname ");
}
&ret_flags);
if (GSS_ERROR(maj_status)) {
+ if (send_tok.length!=0) {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+ }
fatal("gss_init_context failed");
- }
+ }
/* If we've got an old receive buffer get rid of it */
if (token_ptr != GSS_C_NO_BUFFER)
debug("Received GSSAPI_CONTINUE");
if (maj_status == GSS_S_COMPLETE)
fatal("GSSAPI Continue received from server when complete");
- recv_tok.value=packet_get_string(&slen);
- recv_tok.length=slen; /* int vs. size_t */
+ recv_tok.value=packet_get_string(&strlen);
+ recv_tok.length=strlen; /* u_int vs. size_t */
break;
case SSH2_MSG_KEXGSS_COMPLETE:
debug("Received GSSAPI_COMPLETE");
packet_get_bignum2(dh_server_pub);
- msg_tok.value=packet_get_string(&slen);
- msg_tok.length=slen; /* int vs. size_t */
+ msg_tok.value=packet_get_string(&strlen);
+ msg_tok.length=strlen; /* u_int vs. size_t */
/* Is there a token included? */
if (packet_get_char()) {
recv_tok.value=
- packet_get_string(&slen);
- recv_tok.length=slen; /* int/size_t */
+ packet_get_string(&strlen);
+ recv_tok.length=strlen; /*u_int/size_t*/
/* If we're already complete - protocol error */
if (maj_status == GSS_S_COMPLETE)
packet_disconnect("Protocol error: received token when complete");
packet_disconnect("Protocol error: did not receive final token");
}
break;
+ case SSH2_MSG_KEXGSS_ERROR:
+ debug("Received Error");
+ maj_status=packet_get_int();
+ min_status=packet_get_int();
+ msg=packet_get_string(NULL);
+ lang=packet_get_string(NULL);
+ fatal("GSSAPI Key Exchange Error: \n%s",msg);
default:
packet_disconnect("Protocol error: didn't expect packet type %d",
type);
}
token_ptr=&recv_tok;
+ } else {
+ /* No data, and not complete */
+ if (maj_status!=GSS_S_COMPLETE) {
+ fatal("Not complete, and no token output");
+ }
}
-
} while (maj_status & GSS_S_CONTINUE_NEEDED);
/* We _must_ have received a COMPLETE message in reply from the
memset(kbuf, 0, klen);
xfree(kbuf);
- slen=0;
- hash = kex_gssapi_hash(
+ /* The GSS hash is identical to the DH one */
+ hash = kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),