X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/d33fd7cddd6fc962898bee9abdd0147f1383eade..8d212d56428a6f99849ad239d25a7a0995ca59d8:/openssh/kexgsss.c
diff --git a/openssh/kexgsss.c b/openssh/kexgsss.c
index 9f51705..ae58cac 100644
--- a/openssh/kexgsss.c
+++ b/openssh/kexgsss.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -26,17 +26,20 @@
 #ifdef GSSAPI
+#include
+
 #include
 #include "xmalloc.h"
 #include "buffer.h"
-#include "bufaux.h"
+#include "ssh2.h"
+#include "key.h"
+#include "cipher.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
 #include "dh.h"
-#include "ssh2.h"
 #include "ssh-gss.h"
 #include "monitor_wrap.h"
@@ -65,31 +68,37 @@ kexgss_server(Kex *kex)
 BIGNUM *shared_secret = NULL;
 BIGNUM *dh_client_pub = NULL;
 int type = 0;
- int gex;
 gss_OID oid;
-
+
 /* Initialise GSSAPI */
 /* If we're rekeying, privsep means that some of the private structures
 * in the GSSAPI code are no longer available. This kludges them back
- * into life
+ * into life */
 if (!ssh_gssapi_oid_table_ok())
 ssh_gssapi_server_mechanisms();
 debug2("%s: Identifying %s", __func__, kex->name);
- oid = ssh_gssapi_id_kex(NULL, kex->name, &gex);
- if (oid == NULL)
+ oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
+ if (oid == GSS_C_NO_OID)
 fatal("Unknown gssapi mechanism");
 debug2("%s: Acquiring credentials", __func__);
 if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) {
 kex_gss_send_error(ctxt);
- fatal("Unable to acquire credentials for the server");
- }
-
+ fatal("Unable to acquire credentials for the server");
+ }
+
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ dh = dh_new_group1();
+ break;
+ case KEX_GSS_GRP14_SHA1:
+ dh = dh_new_group14();
+ break;
+ case KEX_GSS_GEX_SHA1:
 debug("Doing group exchange");
 packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
 min = packet_get_int();
@@ -111,10 +120,11 @@ kexgss_server(Kex *kex)
 packet_send();
 packet_write_wait();
-
- } else {
- dh = dh_new_group1();
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
 }
+
 dh_gen_key(dh, kex->we_need * 8);
 do {
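Review bot: `ssh_gssapi_id_kex` now takes `kex->kex_type` by value instead of filling the removed `int gex` out-parameter, so every other caller of that function (the client-side exchange and the privsep monitor, which live in other files) has to change in the same commit; this page shows only kexgsss.c, so that cannot be confirmed here. The `switch (kex->kex_type)` ending in `fatal()` is the right shape, since kex_type was fixed during algorithm negotiation, but the identical `default: fatal("%s: Unexpected KEX type %d", ...)` is repeated in the hash switch of the `@@ -192,7 +202,19 @@`/`@@ -206,18 +228,11 @@` hunks below; a comment on that later switch such as `/* kex_type was already validated by the group-selection switch above */` would make clear the second default is a defensive duplicate rather than a separate check. kexgss_server's body continues past this hunk, and the handling of the min/max/nbits values read at its end lies outside it.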
@@ -192,7 +202,19 @@ kexgss_server(Kex *kex)
 memset(kbuf, 0, klen);
 xfree(kbuf);
- if (gex) {
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ case KEX_GSS_GRP14_SHA1:
+ kex_dh_hash(
+ kex->client_version_string, kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ NULL, 0, /* Change this if we start sending host keys */
+ dh_client_pub, dh->pub_key, shared_secret,
+ &hash, &hashlen
+ );
+ break;
+ case KEX_GSS_GEX_SHA1:
 kexgex_hash(
 kex->evp_md,
 kex->client_version_string, kex->server_version_string,
@@ -206,18 +228,11 @@ kexgss_server(Kex *kex)
 shared_secret,
 &hash, &hashlen
 );
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
 }
- else {
- /* The GSSAPI hash is identical to the Diffie Helman one */
- kex_dh_hash(
- kex->client_version_string, kex->server_version_string,
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- NULL, 0, /* Change this if we start sending host keys */
- dh_client_pub, dh->pub_key, shared_secret,
- &hash, &hashlen
- );
- }
+
 BN_free(dh_client_pub);
 if (kex->session_id == NULL) {
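Review bot: The new KEX_GSS_GRP14_SHA1 case shares the `kex_dh_hash` call with group1 and, unlike the `kexgex_hash` call in the GEX case, does not pass `kex->evp_md`; in OpenSSH of this vintage `kex_dh_hash` fixes its digest to SHA-1 internally, which is consistent with both method names ending in _SHA1 but is not visible in this hunk, so a comment such as `/* kex_dh_hash fixes the digest to SHA-1; both group1 and group14 GSS methods are *_SHA1 */` would stop a later reader from "fixing" the apparent asymmetry. The `NULL, 0` host-key arguments carried over from the deleted else-branch mean no server host key is bound into the exchange hash, so server authentication for these methods rests entirely on the GSS-API context established earlier in the function; that is worth stating explicitly beside the existing `/* Change this if we start sending host keys */` comment. The dropped `/* The GSSAPI hash is identical to the Diffie Helman one */` remark from the old else-branch could be kept on the merged group1/group14 case for the same reason. kexgss_server begins and ends outside this hunk.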