X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/c4a4bea725f99a5afddff8190f9922b0d63cb2b8..06816bdd4f3738c71a6bc698a1a487ef0c91efcc:/openssh/gss-genr.c
diff --git a/openssh/gss-genr.c b/openssh/gss-genr.c
index c65d3c5..3d6a4e2 100644
--- a/openssh/gss-genr.c
+++ b/openssh/gss-genr.c
@@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -28,14 +28,11 @@ #ifdef GSSAPI -#include "ssh.h" #include "xmalloc.h" #include "buffer.h" #include "bufaux.h" -#include "packet.h" #include "compat.h" #include -#include "cipher.h" #include "kex.h" #include "log.h" #include "monitor_wrap.h"
@@ -70,30 +67,22 @@ ssh_gssapi_client_mechanisms(char *host) { gss_OID_set supported; OM_uint32 min_status; Buffer buf; - int i = 0; + size_t i = 0; char *mechs; char *encoded; int enclen; - char digest[EVP_MAX_MD_SIZE]; + unsigned char digest[EVP_MAX_MD_SIZE]; char deroid[2]; const EVP_MD *evp_md = EVP_md5(); EVP_MD_CTX md; int oidpos=0; - if (datafellows & SSH_OLD_GSSAPI) return NULL; - gss_indicate_mechs(&min_status,&supported); - if (datafellows & SSH_BUG_GSSAPI_BER) { - gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping) - *((supported->count*2)+1)); - } else { - gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping) - *(supported->count+1)); - } + gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping) + *(supported->count+1)); buffer_init(&buf); - for (i=0;icount;i++) { gss_enc2oid[oidpos].encoded=NULL;
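Review bot: In ssh_gssapi_client_mechanisms (the `@@ -70,30 +67,22 @@` hunk) the call `gss_indicate_mechs(&min_status,&supported);` appears to stay on the new side with its status ignored, and the next statement already reads `supported->count` to size the `xmalloc`. If the call fails, `supported` is not guaranteed to point at a valid set, so that dereference is undefined. Since the removed `SSH_OLD_GSSAPI` line shows that returning NULL is an accepted result here, a guard such as `if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported))) return NULL;` would fit. The size expression `sizeof(ssh_gss_kex_mapping) * (supported->count+1)` is also an unchecked multiplication on a library-supplied count and deserves a bound or at least a comment. The function body starts before and continues after this hunk.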
@@ -101,44 +90,6 @@ ssh_gssapi_client_mechanisms(char *host) { if (supported->elements[i].length<128 && ssh_gssapi_check_mechanism(&(supported->elements[i]),host)) { - /* Earlier versions of this code interpreted the - * spec incorrectly with regard to OID encoding. They - * also mis-encoded the krb5 OID. The following - * _temporary_ code interfaces with these broken - * servers */ - - if (datafellows & SSH_BUG_GSSAPI_BER) { - char *bodge=NULL; - gss_OID_desc krb5oid={9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}; - gss_OID_desc gsioid={9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"}; - - if (supported->elements[i].length==krb5oid.length && - memcmp(supported->elements[i].elements, - krb5oid.elements, krb5oid.length)==0) { - bodge="Se3H81ismmOC3OE+FwYCiQ=="; - } - - if (supported->elements[i].length==gsioid.length && - memcmp(supported->elements[i].elements, - gsioid.elements, gsioid.length)==0) { - bodge="N3+k7/4wGxHyuP8Yxi4RhA=="; - } - - if (bodge) { - if (oidpos!=0) { - buffer_put_char(&buf,','); - } - - buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1); - buffer_append(&buf, bodge, strlen(bodge)); - - gss_enc2oid[oidpos].oid=&(supported->elements[i]); - gss_enc2oid[oidpos].encoded=bodge; - - oidpos++; - } - } - /* Add the required DER encoding octets and MD5 hash */ deroid[0]=0x06; /* Object Identifier */ deroid[1]=supported->elements[i].length;
@@ -241,8 +192,8 @@ ssh_gssapi_error(Gssctxt *ctxt) } char * -ssh_gssapi_last_error(Gssctxt *ctxt, - OM_uint32 *major_status, OM_uint32 *minor_status) +ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, + OM_uint32 *minor_status) { OM_uint32 lmin; gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
@@ -456,7 +407,7 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) { } int -ssh_gssapi_check_mechanism(gss_OID oid, char *host) { +ssh_gssapi_check_mechanism(gss_OID oid, const char *host) { Gssctxt * ctx = NULL; gss_buffer_desc token; OM_uint32 major,minor;
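Review bot: `ssh_gssapi_check_mechanism` now takes `const char *host` in the last hunk, but `ssh_gssapi_client_mechanisms(char *host)`, visible in the earlier hunk headers of this file, keeps the non-const parameter and passes it straight through. The prototype of `ssh_gssapi_check_mechanism` is not part of this file's diff and has to change in the same commit, or the definition will conflict with its declaration. If the caller never writes through `host` either (not verifiable from these hunks), changing it to `ssh_gssapi_client_mechanisms(const char *host)` would keep the two consistent. The function body continues past the end of the hunk.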