-/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
#ifdef GSSAPI
-#include "ssh.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
-#include "packet.h"
#include "compat.h"
#include <openssl/evp.h>
-#include "cipher.h"
#include "kex.h"
#include "log.h"
#include "monitor_wrap.h"
gss_OID_set supported;
OM_uint32 min_status;
Buffer buf;
- int i = 0;
+ size_t i = 0;
char *mechs;
char *encoded;
int enclen;
- char digest[EVP_MAX_MD_SIZE];
+ unsigned char digest[EVP_MAX_MD_SIZE];
char deroid[2];
const EVP_MD *evp_md = EVP_md5();
EVP_MD_CTX md;
int oidpos=0;
- if (datafellows & SSH_OLD_GSSAPI) return NULL;
-
gss_indicate_mechs(&min_status,&supported);
- if (datafellows & SSH_BUG_GSSAPI_BER) {
- gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
- *((supported->count*2)+1));
- } else {
- gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
- *(supported->count+1));
- }
+ gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
+ *(supported->count+1));
buffer_init(&buf);
-
for (i=0;i<supported->count;i++) {
gss_enc2oid[oidpos].encoded=NULL;
if (supported->elements[i].length<128 &&
ssh_gssapi_check_mechanism(&(supported->elements[i]),host)) {
- /* Earlier versions of this code interpreted the
- * spec incorrectly with regard to OID encoding. They
- * also mis-encoded the krb5 OID. The following
- * _temporary_ code interfaces with these broken
- * servers */
-
- if (datafellows & SSH_BUG_GSSAPI_BER) {
- char *bodge=NULL;
- gss_OID_desc krb5oid={9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
- gss_OID_desc gsioid={9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"};
-
- if (supported->elements[i].length==krb5oid.length &&
- memcmp(supported->elements[i].elements,
- krb5oid.elements, krb5oid.length)==0) {
- bodge="Se3H81ismmOC3OE+FwYCiQ==";
- }
-
- if (supported->elements[i].length==gsioid.length &&
- memcmp(supported->elements[i].elements,
- gsioid.elements, gsioid.length)==0) {
- bodge="N3+k7/4wGxHyuP8Yxi4RhA==";
- }
-
- if (bodge) {
- if (oidpos!=0) {
- buffer_put_char(&buf,',');
- }
-
- buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
- buffer_append(&buf, bodge, strlen(bodge));
-
- gss_enc2oid[oidpos].oid=&(supported->elements[i]);
- gss_enc2oid[oidpos].encoded=bodge;
-
- oidpos++;
- }
- }
-
/* Add the required DER encoding octets and MD5 hash */
deroid[0]=0x06; /* Object Identifier */
deroid[1]=supported->elements[i].length;
}
char *
-ssh_gssapi_last_error(Gssctxt *ctxt,
- OM_uint32 *major_status, OM_uint32 *minor_status)
+ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
+ OM_uint32 *minor_status)
{
OM_uint32 lmin;
gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
}
int
-ssh_gssapi_check_mechanism(gss_OID oid, char *host) {
+ssh_gssapi_check_mechanism(gss_OID oid, const char *host) {
Gssctxt * ctx = NULL;
gss_buffer_desc token;
OM_uint32 major,minor;