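--- a/config.c
+++ b/config.c
@@ -2442,10 +2442,12 @@
 HELPCTX(ssh_kexlist),
 kexlist_handler, P(NULL));
 c->listbox.height = KEX_MAX;
+#ifndef NO_GSSAPI
 ctrl_checkbox(s, "Attempt GSSAPI key exchange",
 'k', HELPCTX(ssh_gssapi),
 conf_checkbox_handler,
 I(CONF_try_gssapi_kex));
+#endif
 
 s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
 "Options controlling key re-exchange");
@@ -2455,11 +2457,13 @@
 conf_editbox_handler,
 I(CONF_ssh_rekey_time),
 I(-1));
+#ifndef NO_GSSAPI
 ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
 HELPCTX(ssh_kex_repeat),
 conf_editbox_handler,
 I(CONF_gssapirekey),
 I(-1));
+#endif
 ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
 HELPCTX(ssh_kex_repeat),
 conf_editbox_handler,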
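Review bot: Each `#ifndef NO_GSSAPI` block added in this file closes with a bare `#endif`, which reads fine here where the opener is four lines away, but the same guard is introduced across six files in this patch and some of the later blocks carry `#else` arms; tagging the closers as `#endif /* !NO_GSSAPI */` would keep them uniform and easier to match. Nothing in the two hunks changes behaviour for GSS-enabled builds, and leaving the kex-list listbox above the first guard unconditional looks intentional. The enclosing panel-setup function starts and ends outside both hunks.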
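--- a/settings.c
+++ b/settings.c
@@ -592,21 +592,25 @@
 write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression));
 write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent));
 write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd));
+#ifndef NO_GSSAPI
 write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd));
+#endif
 write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username));
 wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
 wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
 wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
 write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
+#ifndef NO_GSSAPI
 write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
+#endif
 write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
 write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
 write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
 write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
 write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
+#ifndef NO_GSSAPI
 write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth));
 write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex));
-#ifndef NO_GSSAPI
 wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
 write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom));
 #endif
@@ -937,7 +941,9 @@
 gppb(sesskey, "TryAgent", true, conf, CONF_tryagent);
 gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd);
 gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username);
+#ifndef NO_GSSAPI
 gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd);
+#endif
 gprefs(sesskey, "Cipher", "\0",
 ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
 {
@@ -990,7 +996,9 @@
 gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
 hknames, HK_MAX, conf, CONF_ssh_hklist);
 gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
+#ifndef NO_GSSAPI
 gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey);
+#endif
 gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
 {
 /* SSH-2 only by default */
@@ -1007,9 +1015,9 @@
 gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
 gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
 gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
+#ifndef NO_GSSAPI
 gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);
 gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex);
-#ifndef NO_GSSAPI
 gprefs(sesskey, "GSSLibs", "\0",
 gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
 gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom);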
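Review bot: In a NO_GSSAPI build the `gppb` calls for `AuthGSSAPI` and `AuthGSSAPIKEX` in this hunk (and `GssapiFwd`/`GssapiRekey` in the two hunks before it) are skipped, so `CONF_try_gssapi_auth`, `CONF_try_gssapi_kex`, `CONF_gssapifwd` and `CONF_gssapirekey` are never populated in the loaded Conf. That is only safe if every reader of those keys is under the same guard: the reads in ssh.c are guarded by this patch, but if `conf_get_bool` asserts on a key that was never set (I believe PuTTY's does, rather than returning false) then any reader this diff does not touch, such as command-line option handling or the GUI, would abort at runtime instead of quietly seeing false. The more robust option is to keep these four loads unconditional so the Conf has the same keys in both builds, e.g. `gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);` stays outside the guard, and to guard only the code that acts on the values. The enclosing loader function starts and ends outside the hunk.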
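--- a/ssh.c
+++ b/ssh.c
@@ -50,7 +50,9 @@
 ssh_sharing_state *connshare;
 bool attempting_connshare;
 
+#ifndef NO_GSSAPI
 struct ssh_connection_shared_gss_state gss_state;
+#endif
 
 char *savedhost;
 int savedport;
@@ -252,10 +254,17 @@
 conf_get_bool(ssh->conf, CONF_tryagent), username,
 conf_get_bool(ssh->conf, CONF_change_username),
 conf_get_bool(ssh->conf, CONF_try_ki_auth),
+#ifndef NO_GSSAPI
 conf_get_bool(ssh->conf, CONF_try_gssapi_auth),
 conf_get_bool(ssh->conf, CONF_try_gssapi_kex),
 conf_get_bool(ssh->conf, CONF_gssapifwd),
 &ssh->gss_state);
+#else
+NULL,
+NULL,
+NULL,
+NULL);
+#endif
 ssh_connect_ppl(ssh, userauth_layer);
 transport_child_layer = userauth_layer;
 
@@ -267,7 +276,11 @@
 ssh->fullhostname,
 ssh_verstring_get_local(old_bpp),
 ssh_verstring_get_remote(old_bpp),
+#ifndef NO_GSSAPI
 &ssh->gss_state,
+#else
+NULL,
+#endif
 &ssh->stats, transport_child_layer, false);
 ssh_connect_ppl(ssh, ssh->base_layer);
 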
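Review bot: The `#else` arm added to the userauth-layer constructor call in the second hunk passes `NULL, NULL, NULL, NULL);` where the `#ifndef` arm passes three `conf_get_bool(...)` results and `&ssh->gss_state`, so three `bool` parameters receive a null pointer constant; it converts, but it misstates the types and may draw a conversion warning. Write `false, false, false, NULL);` so the arguments match what the other arm shows the callee expects. Both hunks also now hand the userauth and transport layers a NULL `gss_state` in NO_GSSAPI builds, which is only safe if every dereference of that pointer in those layers is itself compiled out or NULL-checked, something this diff cannot show and that is worth a grep before merging. Both call expressions begin outside their hunks.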
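--- a/sshserver.c
+++ b/sshserver.c
@@ -50,7 +50,9 @@
 PacketProtocolLayer *base_layer;
 ConnectionLayer *cl;
 
+#ifndef NO_GSSAPI
 struct ssh_connection_shared_gss_state gss_state;
+#endif
 };
 
 static void ssh_server_free_callback(void *vsrv);
@@ -246,8 +248,10 @@
 bufchain_init(&srv->dummy_user_input);
 
 /* FIXME: replace with sensible */
+#ifndef NO_GSSAPI
 srv->gss_state.libs = snew(struct ssh_gss_liblist);
 srv->gss_state.libs->nlibraries = 0;
+#endif
 
 return &srv->plug;
 }
@@ -297,7 +301,9 @@
 conf_free(srv->conf);
 log_free(srv->logctx);
 
+#ifndef NO_GSSAPI
 sfree(srv->gss_state.libs); /* FIXME: replace with sensible */
+#endif
 
 sfree(srv);
 
@@ -442,7 +448,11 @@
 srv->conf, NULL, 0, NULL,
 ssh_verstring_get_remote(old_bpp),
 ssh_verstring_get_local(old_bpp),
+#ifndef NO_GSSAPI
 &srv->gss_state, &srv->stats, transport_child_layer, true);
+#else
+NULL, &srv->stats, transport_child_layer, true);
+#endif
 ssh2_transport_provide_hostkeys(
 srv->base_layer, srv->hostkeys, srv->nhostkeys);
 if (userauth_layer)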
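Review bot: The `#ifndef`/`#else` in the last hunk splits a single call across two preprocessor arms that both repeat the `&srv->stats, transport_child_layer, true);` tail, so any later change to those arguments has to be made twice (the ssh.c counterpart repeats four lines the same way). Hoisting the pointer keeps one call site: `void *gss = NULL;` before the call, `#ifndef NO_GSSAPI` / `gss = &srv->gss_state;` / `#endif`, and then `gss, &srv->stats, transport_child_layer, true);` as the one unconditional line; use the real struct pointer type instead of `void *` if it is still declared in NO_GSSAPI builds. As in ssh.c, the server now passes a NULL `gss_state` into the transport layer, which is only safe if that layer never dereferences it outside its own `#ifndef NO_GSSAPI` regions, and the earlier hunks correctly stop allocating and freeing `gss_state.libs` in that build so there is no leak or dangling free on either side. The enclosing function starts outside the hunk.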
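--- a/ssh2userauth.c
+++ b/ssh2userauth.c
@@ -241,7 +241,9 @@
 * Misc one-time setup for authentication.
 */
 s->publickey_blob = NULL;
+#ifndef NO_GSSAPI
 s->session_id = ssh2_transport_get_session_id(s->transport_layer);
+#endif
 
 /*
 * Load the public half of any configured public key file for
@@ -613,8 +615,12 @@
 * Scan it for method identifiers we know about.
 */
 bool srv_pubkey = false, srv_passwd = false;
+#ifndef NO_GSSAPI
 bool srv_keyb_inter = false, srv_gssapi = false;
 bool srv_gssapi_keyex_auth = false;
+#else
+bool srv_keyb_inter = false;
+#endif
 
 for (ptrlen method; get_commasep_word(&methods, &method) ;) {
 if (ptrlen_eq_string(method, "publickey"))
@@ -623,10 +629,12 @@
 srv_passwd = true;
 else if (ptrlen_eq_string(method, "keyboard-interactive"))
 srv_keyb_inter = true;
+#ifndef NO_GSSAPI
 else if (ptrlen_eq_string(method, "gssapi-with-mic"))
 srv_gssapi = true;
 else if (ptrlen_eq_string(method, "gssapi-keyex"))
 srv_gssapi_keyex_auth = true;
+#endif
 }
 
 /*
@@ -1640,7 +1648,9 @@
 * any packets since. Signal the transport layer to consider
 * doing an immediate rekey, if it has any reason to want to.
 */
+#ifndef NO_GSSAPI
 ssh2_transport_notify_auth_done(s->transport_layer);
+#endif
 
 /*
 * Finally, hand over to our successor layer, and return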
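Review bot: The guard added around `s->session_id = ssh2_transport_get_session_id(s->transport_layer);` in the first hunk treats the session id as GSS-only state, but in this layer it is also, if I remember the file correctly, the first field of the data signed for `publickey` authentication (the helper that appends it to the signature blob is outside this diff, so please confirm), in which case a NO_GSSAPI build would sign with an uninitialised `s->session_id`, which is undefined behaviour and at best a public-key authentication failure; the assignment should stay unconditional and only the GSSAPI MIC path needs the guard. The same question applies to the guard around `ssh2_transport_notify_auth_done(s->transport_layer);` in the last hunk: the comment above it describes a generic post-auth "consider rekeying" hook whose reason is decided by the transport layer, so unless that callee is itself compiled out under NO_GSSAPI, any non-GSS reason for an immediate post-auth rekey would be silently lost, and guarding the callee's GSS-specific body rather than the call is the safer shape. The split declaration in the second hunk could also be three lines instead of six: `bool srv_keyb_inter = false;` unconditionally, then `#ifndef NO_GSSAPI` / `bool srv_gssapi = false, srv_gssapi_keyex_auth = false;` / `#endif`. The same session_id guard is applied in ssh2userauth-server.c, where server-side public-key verification would be affected in the same way. All four hunks sit inside functions that begin outside the diff.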
-- a/ssh2userauth-server.c |
1657 |
++ b/ssh2userauth-server.c |
Lines 122-128
|
122 |
|
122 |
|
123 |
crBegin(s->crState); |
123 |
crBegin(s->crState); |
124 |
|
124 |
|
|
|
125 |
#ifndef NO_GSSAPI |
125 |
s->session_id = ssh2_transport_get_session_id(s->transport_layer); |
126 |
s->session_id = ssh2_transport_get_session_id(s->transport_layer); |
|
|
127 |
#endif |
126 |
|
128 |
|
127 |
while (1) { |
129 |
while (1) { |
128 |
crMaybeWaitUntilV((pktin = ssh2_userauth_server_pop(s)) != NULL); |
130 |
crMaybeWaitUntilV((pktin = ssh2_userauth_server_pop(s)) != NULL); |