- andreas@cvs.openbsd.org 2009/10/24 11:13:54

     [sshconnect2.c kex.h kex.c]
     Let the client detect if the server supports roaming by looking
     for the resume@appgate.com kex algorithm.
     ok markus@

diff --git a/ChangeLog b/ChangeLog
index 5935fa6ad5416eb4af077c10a79be6d1feef582a..68f772b60a32ec023567b064e46b3c74592d869b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,11 @@
      [roaming.h]
      Declarations needed for upcoming changes.
      ok markus@
+   - andreas@cvs.openbsd.org 2009/10/24 11:13:54
+     [sshconnect2.c kex.h kex.c]
+     Let the client detect if the server supports roaming by looking
+     for the resume@appgate.com kex algorithm.
+     ok markus@
 
 20091226
  - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1

diff --git a/kex.c b/kex.c
index f4f44f095d6c33a0dd4dac10e6fa126052f61cd3..148cfee8046ad5af46be99c83f6b9affe0ec768a 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.81 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -48,6 +48,7 @@
 #include "match.h"
 #include "dispatch.h"
 #include "monitor.h"
+#include "roaming.h"
 
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
 # if defined(HAVE_EVP_SHA256)
@@ -386,6 +387,16 @@ kex_choose_conf(Kex *kex)
                sprop=peer;
        }
 
+       /* Check whether server offers roaming */
+       if (!kex->server) {
+               char *roaming;
+               roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
+               if (roaming) {
+                       kex->roaming = 1;
+                       xfree(roaming);
+               }
+       }
+
        /* Algorithm Negotiation */
        for (mode = 0; mode < MODE_MAX; mode++) {
                newkeys = xcalloc(1, sizeof(*newkeys));

diff --git a/kex.h b/kex.h
index 68c80c5a90d2e58bec2376b095be8cd7899344fd..1fa13799d6c2dcf7d179a0c8ce2b9f87c6f319a2 100644 (file)
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.47 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.h,v 1.48 2009/10/24 11:13:54 andreas Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -36,6 +36,7 @@
 #define        KEX_DH14                "diffie-hellman-group14-sha1"
 #define        KEX_DHGEX_SHA1          "diffie-hellman-group-exchange-sha1"
 #define        KEX_DHGEX_SHA256        "diffie-hellman-group-exchange-sha256"
+#define        KEX_RESUME              "resume@appgate.com"
 
 #define COMP_NONE      0
 #define COMP_ZLIB      1
@@ -116,6 +117,7 @@ struct Kex {
        char    *name;
        int     hostkey_type;
        int     kex_type;
+       int     roaming;
        Buffer  my;
        Buffer  peer;
        sig_atomic_t done;

diff --git a/sshconnect2.c b/sshconnect2.c
index 1e0e9d5e10e1fcb587db9d98b75ce5d94b30ea6f..937bb773dd647610b7d8a140d05ce5b08b628b95 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -152,6 +152,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 
        dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
 
+       if (options.use_roaming && !kex->roaming) {
+               debug("Roaming not allowed by server");
+               options.use_roaming = 0;
+       }
+
        session_id2 = kex->session_id;
        session_id2_len = kex->session_id_len;