kexgsss.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include "includes.h"
#ifdef GSSAPI
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "compat.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "ssh-gss.h"
#include "monitor_wrap.h"
void
{
unsigned int sbloblen = 0;
unsigned char *server_host_key_blob = NULL;
int type =0;
/*
* Load host key to advertise in a SSH_MSG_KEXGSS_HOSTKEY packet
* the GSS-API that provides for server host authentication.
*/
if (server_host_key != NULL)
/* Initialise GSSAPI */
if (oid == GSS_C_NULL_OID) {
fatal("Couldn't match the negotiated GSS key exchange");
}
xxx_gssctxt = ctxt;
do {
debug("Wait SSH2_MSG_GSSAPI_INIT");
type = packet_read();
switch(type) {
case SSH2_MSG_KEXGSS_INIT:
if (dh_client_pub!=NULL)
fatal("Received KEXGSS_INIT after initialising");
dh_client_pub = BN_new();
if (dh_client_pub == NULL)
fatal("dh_client_pub == NULL");
/* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
if (sbloblen) {
packet_send();
}
break;
case SSH2_MSG_KEXGSS_CONTINUE:
break;
default:
packet_disconnect("Protocol error: didn't expect packet type %d",
type);
}
&send_tok));
if (dh_client_pub == NULL)
fatal("No client public key");
if (maj_status == GSS_S_CONTINUE_NEEDED) {
debug("Sending GSSAPI_CONTINUE");
packet_send();
}
} while (maj_status == GSS_S_CONTINUE_NEEDED);
if (GSS_ERROR(maj_status)) {
packet_send();
}
fatal("accept_ctx died");
}
debug("gss_complete");
fatal("Mutual authentication flag wasn't set");
fatal("Integrity flag wasn't set");
dh = dh_new_group1();
packet_disconnect("bad client public DH value");
shared_secret = BN_new();
/* The GSSAPI hash is identical to the Diffie Helman one */
hash = kex_dh_hash(
);
}
/* Should fix kex_dh_hash to output hash length */
fatal("Couldn't get MIC");
}
} else {
packet_put_char(0); /* false */
}
packet_send();
}
static void
char *errstr;
if (errstr) {
packet_put_cstring("");
packet_send();
/* XXX - We should probably log the error locally here */
}
}
#endif /* GSSAPI */