/*
- * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#ifdef GSSAPI
+#include "includes.h"
+
#include <openssl/crypto.h>
#include <openssl/bn.h>
BIGNUM *g = NULL;
u_char *kbuf, *hash;
u_char *serverhostkey = NULL;
+ u_char *empty = "";
char *msg;
char *lang;
int type = 0;
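Review bot: The added `u_char *empty = "";` points a mutable `u_char *` at a string literal, which is a pointer-signedness mismatch and means any later write through `empty` would hit read-only storage. Declaring it as `const u_char *empty = (const u_char *)"";` states the intent, provided the hash helpers that receive it accept a const pointer (their prototypes are not visible here). The enclosing function starts and ends outside this hunk.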
if (ssh_gssapi_import_name(ctxt, kex->gss_host))
fatal("Couldn't import hostname");
-
+
+ if (kex->gss_client &&
+ ssh_gssapi_client_identity(ctxt, kex->gss_client))
+ fatal("Couldn't acquire client credentials");
+
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
dh = dh_new_group1();
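Review bot: The new `kex->gss_client` branch has no comment explaining why failure is fatal. It looks like a requested client identity must be honoured rather than silently falling back to other credentials, and that fail-closed behaviour is worth stating so a later change does not soften it. I would add `/* A requested client identity is mandatory: abort rather than authenticate with other credentials. */` above the `if`. The check also assumes ssh_gssapi_client_identity() returns non-zero on failure, like the ssh_gssapi_import_name() call just above; its definition is not in this hunk, and the enclosing function continues outside it.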
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
+ if (kout < 0)
+ fatal("DH_compute_key: failed");
shared_secret = BN_new();
- BN_bin2bn(kbuf,kout, shared_secret);
+ if (shared_secret == NULL)
+ fatal("kexgss_client: BN_new failed");
+
+ if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+ fatal("kexdh_client: BN_bin2bn failed");
+
memset(kbuf, 0, klen);
xfree(kbuf);
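Review bot: The BN_bin2bn failure message is prefixed `kexdh_client:` while the BN_new message just above says `kexgss_client:`, so a failure here would be attributed to the wrong key-exchange path in logs; `fatal("kexgss_client: BN_bin2bn failed");` keeps them consistent. The `DH_compute_key: failed` message carries no function prefix at all. Separately, the `memset(kbuf, 0, klen)` directly before `xfree(kbuf)` is a dead store that an optimizing compiler may remove, leaving the shared secret in freed memory; a zeroing routine that cannot be elided, if the tree provides one, would be safer. The enclosing function starts and ends outside the hunk.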
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- serverhostkey, slen, /* server host key */
+ (serverhostkey ? serverhostkey : empty), slen,
dh->pub_key, /* e */
dh_server_pub, /* f */
shared_secret, /* K */
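Review bot: Substituting `empty` for a NULL `serverhostkey` is only correct if `slen` is 0 in that case, and neither the initialisation of `slen` nor the code that sets `serverhostkey` is visible in this hunk. Tying the length to the same condition, `(serverhostkey ? slen : 0)`, keeps the hash input well defined even if the two ever get out of step; the same applies to the second hash call in the next hunk (the one passing `min, nbits, max`). The rewrite also drops the `/* server host key */` label, while the neighbouring `/* e */`, `/* f */` and `/* K */` arguments keep theirs. The call begins outside the hunk.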
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- serverhostkey, slen,
+ (serverhostkey ? serverhostkey : empty), slen,
min, nbits, max,
dh->p, dh->g,
dh->pub_key,
memcpy(kex->session_id, hash, kex->session_id_len);
}
+ if (kex->gss_deleg_creds)
+ ssh_gssapi_credentials_updated(ctxt);
+
if (gss_kex_context == NULL)
gss_kex_context = ctxt;
else
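Review bot: The added `ssh_gssapi_credentials_updated(ctxt)` call sits after the closing brace of the block that copies `kex->session_id`, so it appears to run on every completed exchange rather than only the first, and nothing documents that. If that is the intent, a comment such as `/* Runs after each key exchange when credential delegation is enabled. */` would make it explicit. If the function can report failure, its result is discarded here; its prototype is not visible in the hunk. The enclosing function continues outside the hunk.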