merging OPENSSH_5_2P1_SIMON_20090726_HPN13V6 to trunk:

[gssapi-openssh.git] / openssh / kexgsss.c

diff --git a/openssh/kexgsss.c b/openssh/kexgsss.c
index ae58cacb722f92b38cd7bb6a178628b038033aa3..3e5205c43505c0f61ccab36684461d5bcf4ac944 100644 (file)
--- a/openssh/kexgsss.c
+++ b/openssh/kexgsss.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -42,8 +42,10 @@
 #include "dh.h"
 #include "ssh-gss.h"
 #include "monitor_wrap.h"
+#include "servconf.h"
 
 static void kex_gss_send_error(Gssctxt *ctxt);
+extern ServerOptions options;
 
 void
 kexgss_server(Kex *kex)
@@ -69,6 +71,7 @@ kexgss_server(Kex *kex)
        BIGNUM *dh_client_pub = NULL;
        int type = 0;
        gss_OID oid;
+       char *mechs;
 
        /* Initialise GSSAPI */
 
@@ -77,7 +80,8 @@ kexgss_server(Kex *kex)
         * into life
         */
        if (!ssh_gssapi_oid_table_ok()) 
-               ssh_gssapi_server_mechanisms();
+               if ((mechs = ssh_gssapi_server_mechanisms()))
+                       xfree(mechs);
 
        debug2("%s: Identifying %s", __func__, kex->name);
        oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
@@ -168,7 +172,7 @@ kexgss_server(Kex *kex)
                if (maj_status & GSS_S_CONTINUE_NEEDED) {
                        debug("Sending GSSAPI_CONTINUE");
                        packet_start(SSH2_MSG_KEXGSS_CONTINUE);
-                       packet_put_string(send_tok.value, send_tok.length);
+                       packet_put_string((char *)send_tok.value, send_tok.length);
                        packet_send();
                        gss_release_buffer(&min_status, &send_tok);
                }
@@ -178,7 +182,7 @@ kexgss_server(Kex *kex)
                kex_gss_send_error(ctxt);
                if (send_tok.length > 0) {
                        packet_start(SSH2_MSG_KEXGSS_CONTINUE);
-                       packet_put_string(send_tok.value, send_tok.length);
+                       packet_put_string((char *)send_tok.value, send_tok.length);
                        packet_send();
                }
                packet_disconnect("GSSAPI Key Exchange handshake failed");
@@ -196,9 +200,16 @@ kexgss_server(Kex *kex)
        klen = DH_size(dh);
        kbuf = xmalloc(klen); 
        kout = DH_compute_key(kbuf, dh_client_pub, dh);
+       if (kout < 0)
+               fatal("DH_compute_key: failed");
 
        shared_secret = BN_new();
-       BN_bin2bn(kbuf, kout, shared_secret);
+       if (shared_secret == NULL)
+               fatal("kexgss_server: BN_new failed");
+
+       if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+               fatal("kexgss_server: BN_bin2bn failed");
+
        memset(kbuf, 0, klen);
        xfree(kbuf);
 
@@ -233,7 +244,7 @@ kexgss_server(Kex *kex)
                fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
        }
 
-       BN_free(dh_client_pub);
+       BN_clear_free(dh_client_pub);
 
        if (kex->session_id == NULL) {
                kex->session_id_len = hashlen;
@@ -272,6 +283,11 @@ kexgss_server(Kex *kex)
        kex_derive_keys(kex, hash, hashlen, shared_secret);
        BN_clear_free(shared_secret);
        kex_finish(kex);
+
+       /* If this was a rekey, then save out any delegated credentials we
+        * just exchanged.  */
+       if (options.gss_store_rekey)
+               ssh_gssapi_rekey_creds();
 }
 
 static void