auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
auth-krb5.o \
- auth2-gss.o gss-serv.o gss-serv-krb5.o gss-serv-gsi.o kexgsss.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\
+ gss-serv-gsi.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
audit.o audit-bsm.o
channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
{
u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
-
+
/* check buffer limits */
limit = MIN(limit, (BUFFER_MAX_HPN_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF));
#ifdef GSSAPI
#include "xmalloc.h"
-#include "buffer.h"
#include "bufaux.h"
-#include "compat.h"
-#include <openssl/evp.h>
-#include "kex.h"
#include "log.h"
-#include "monitor_wrap.h"
#include "canohost.h"
#include "ssh2.h"
#include <openssl/evp.h>
size_t i;
int oidpos, enclen;
char *mechs, *encoded;
- unsigned char digest[EVP_MAX_MD_SIZE];
+ u_char digest[EVP_MAX_MD_SIZE];
char deroid[2];
const EVP_MD *evp_md = EVP_md5();
EVP_MD_CTX md;
gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
Gssctxt *ctxt;
OM_uint32 maj_status, min_status, ret_flags;
- unsigned int klen, kout;
+ u_int klen, kout, slen = 0, hashlen, strlen;
DH *dh;
BIGNUM *dh_server_pub = NULL;
BIGNUM *shared_secret = NULL;
BIGNUM *p = NULL;
BIGNUM *g = NULL;
- unsigned char *kbuf;
- unsigned char *hash;
- unsigned int hashlen;
- unsigned char *serverhostkey = NULL;
+ u_char *kbuf, *hash;
+ u_char *serverhostkey = NULL;
char *msg;
char *lang;
int type = 0;
int first = 1;
- unsigned int slen = 0;
int gex = 0;
- int nbits = -1, min = -1, max = -1;
- u_int strlen;
+ int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
/* Initialise our GSSAPI world */
ssh_gssapi_build_ctx(&ctxt);
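Review bot: The merged declaration `u_int klen, kout, slen = 0, hashlen, strlen;` keeps a local named `strlen`, which shadows the C library function for the rest of this function. Any later `strlen()` call in that scope would fail to compile, and a reader can easily mistake the variable for the function. A name that says what is being measured would be safer, for example `u_int klen, kout, slen = 0, hashlen, msglen;`, with the uses renamed to match. Those uses, and the start and end of the function, are outside this hunk, so the rename needs checking against the full file.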
if (gex) {
debug("Doing group exchange\n");
nbits = dh_estimate(kex->we_need * 8);
- min = DH_GRP_MIN;
- max = DH_GRP_MAX;
packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
packet_put_int(min);
packet_put_int(nbits);
}
gssbuf.value = hash;
- gssbuf.length = 20;
+ gssbuf.length = hashlen;
/* Verify that the hash matches the MIC we just got. */
if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
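Review bot: `gssbuf.length = hashlen;` now takes the length of the data covered by the server's MIC from a variable that appears to be declared without an initializer (`u_int klen, kout, slen = 0, hashlen, strlen;` in the declaration hunk above, apparently the same function), and the code that sets it is not visible here. If any path reached ssh_gssapi_checkmic() before the hash routine had filled it in, the MIC would be verified over an indeterminate length. The same value then drives `kex->session_id_len = hashlen;` and the xmalloc/memcpy in the next hunk. Presumably both the group-exchange and fixed-group branches set it, but I would still declare it as `hashlen = 0` and refuse to continue on an empty hash, e.g. `if (hash == NULL || hashlen == 0) fatal("kexgss: no exchange hash");` before the MIC check. The body of the `if (GSS_ERROR(...))` lies outside the hunk.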
/* save session id */
if (kex->session_id == NULL) {
- kex->session_id_len = 20;
+ kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
gss_buffer_desc gssbuf, recv_tok, msg_tok;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
Gssctxt *ctxt = NULL;
- unsigned int klen, kout, hashlen;
- unsigned char *kbuf, *hash;
+ u_int slen, klen, kout, hashlen;
+ u_char *kbuf, *hash;
DH *dh;
int min = -1, max = -1, nbits = -1;
BIGNUM *shared_secret = NULL;
BIGNUM *dh_client_pub = NULL;
int type = 0;
int gex;
- u_int slen;
gss_OID oid;
/* Initialise GSSAPI */
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
- oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
+ oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+ oGssKeyEx,
oGssTrustDns,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,