X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/fa0f0f455ac5f0d6e3e0597842e9f4f4fe58d2b1..16ff2507b47a9820fc2a82566a9dd46dad2e2409:/openssh/kex.c

diff --git a/openssh/kex.c b/openssh/kex.c
index d0c3265..d2fa829 100644
--- a/openssh/kex.c
+++ b/openssh/kex.c
@@ -68,6 +68,7 @@ static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
 
 /* put algorithm proposal into buffer */
+/* used in sshconnect.c as well as kex.c */
 void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
@@ -395,6 +396,12 @@ kex_choose_conf(Kex *kex)
 	u_int mode, ctos, need;
 	int first_kex_follows, type;
 
+	int auth_flag;
+
+	auth_flag = packet_authentication_state();
+
+	debug ("AUTH STATE IS %d", auth_flag);
+
 	my   = kex_buf2prop(&kex->my, NULL);
 	peer = kex_buf2prop(&kex->peer, &first_kex_follows);
 
@@ -418,6 +425,15 @@ kex_choose_conf(Kex *kex)
 		choose_enc (&newkeys->enc,  cprop[nenc],  sprop[nenc]);
 		choose_mac (&newkeys->mac,  cprop[nmac],  sprop[nmac]);
 		choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+		if (strcmp(newkeys->enc.name, "none") == 0) {
+				debug("Requesting NONE. Authflag is %d", auth_flag);			
+			if (auth_flag == 1) {
+				debug("None requested post authentication.");
+			} else {
+				fatal("Pre-authentication none cipher requests are not allowed.");
+			}
+		} 
 		debug("kex: %s %s %s %s",
 		    ctos ? "client->server" : "server->client",
 		    newkeys->enc.name,