
(-)file_not_specified_in_diff (-8 / +55 lines)
0
-- a/config.c
0
++ b/config.c
Lines 2442-2451 Link Here
2442
			      HELPCTX(ssh_kexlist),
2442
			      HELPCTX(ssh_kexlist),
2443
			      kexlist_handler, P(NULL));
2443
			      kexlist_handler, P(NULL));
2444
            c->listbox.height = KEX_MAX;
2444
            c->listbox.height = KEX_MAX;
2445
#ifndef NO_GSSAPI
2445
	    ctrl_checkbox(s, "Attempt GSSAPI key exchange",
2446
	    ctrl_checkbox(s, "Attempt GSSAPI key exchange",
2446
			  'k', HELPCTX(ssh_gssapi),
2447
			  'k', HELPCTX(ssh_gssapi),
2447
			  conf_checkbox_handler,
2448
			  conf_checkbox_handler,
2448
			  I(CONF_try_gssapi_kex));
2449
			  I(CONF_try_gssapi_kex));
2450
#endif
2449
2451
2450
	    s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
2452
	    s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
2451
			    "Options controlling key re-exchange");
2453
			    "Options controlling key re-exchange");
Lines 2455-2465 Link Here
2455
			 conf_editbox_handler,
2457
			 conf_editbox_handler,
2456
			 I(CONF_ssh_rekey_time),
2458
			 I(CONF_ssh_rekey_time),
2457
			 I(-1));
2459
			 I(-1));
2460
#ifndef NO_GSSAPI
2458
            ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
2461
            ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
2459
                         HELPCTX(ssh_kex_repeat),
2462
                         HELPCTX(ssh_kex_repeat),
2460
                         conf_editbox_handler,
2463
                         conf_editbox_handler,
2461
                         I(CONF_gssapirekey),
2464
                         I(CONF_gssapirekey),
2462
                         I(-1));
2465
                         I(-1));
2466
#endif
2463
	    ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
2467
	    ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
2464
			 HELPCTX(ssh_kex_repeat),
2468
			 HELPCTX(ssh_kex_repeat),
2465
			 conf_editbox_handler,
2469
			 conf_editbox_handler,
2466
-- a/settings.c
2470
++ b/settings.c
Lines 592-612 Link Here
592
    write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression));
592
    write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression));
593
    write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent));
593
    write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent));
594
    write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd));
594
    write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd));
595
#ifndef NO_GSSAPI
595
    write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd));
596
    write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd));
597
#endif
596
    write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username));
598
    write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username));
597
    wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
599
    wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
598
    wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
600
    wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
599
    wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
601
    wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
600
    write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
602
    write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
603
#ifndef NO_GSSAPI
601
    write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
604
    write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
605
#endif
602
    write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
606
    write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
603
    write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
607
    write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
604
    write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
608
    write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
605
    write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
609
    write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
606
    write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
610
    write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
611
#ifndef NO_GSSAPI
607
    write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth));
612
    write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth));
608
    write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex));
613
    write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex));
609
#ifndef NO_GSSAPI
610
    wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
614
    wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
611
    write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom));
615
    write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom));
612
#endif
616
#endif
Lines 937-943 Link Here
937
    gppb(sesskey, "TryAgent", true, conf, CONF_tryagent);
941
    gppb(sesskey, "TryAgent", true, conf, CONF_tryagent);
938
    gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd);
942
    gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd);
939
    gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username);
943
    gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username);
944
#ifndef NO_GSSAPI
940
    gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd);
945
    gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd);
946
#endif
941
    gprefs(sesskey, "Cipher", "\0",
947
    gprefs(sesskey, "Cipher", "\0",
942
	   ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
948
	   ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
943
    {
949
    {
Lines 990-996 Link Here
990
    gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
996
    gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
991
           hknames, HK_MAX, conf, CONF_ssh_hklist);
997
           hknames, HK_MAX, conf, CONF_ssh_hklist);
992
    gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
998
    gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
999
#ifndef NO_GSSAPI
993
    gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey);
1000
    gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey);
1001
#endif
994
    gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
1002
    gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
995
    {
1003
    {
996
	/* SSH-2 only by default */
1004
	/* SSH-2 only by default */
Lines 1007-1015 Link Here
1007
    gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
1015
    gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
1008
    gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
1016
    gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
1009
    gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
1017
    gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
1018
#ifndef NO_GSSAPI
1010
    gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);
1019
    gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);
1011
    gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex);
1020
    gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex);
1012
#ifndef NO_GSSAPI
1013
    gprefs(sesskey, "GSSLibs", "\0",
1021
    gprefs(sesskey, "GSSLibs", "\0",
1014
	   gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
1022
	   gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
1015
    gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom);
1023
    gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom);
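Review bot: With NO_GSSAPI defined, the load-side guards (new lines 944-946, 999-1001 and 1018-1020) leave CONF_gssapifwd, CONF_gssapirekey, CONF_try_gssapi_auth and CONF_try_gssapi_kex with no value in `conf`, so every remaining reader of those keys has to be compiled out as well. ssh.c in this patch does that for its own reads, but readers outside the patch are not visible here. Pinning the values is safer than skipping them, for example an `#else` branch with `conf_set_bool(conf, CONF_try_gssapi_auth, false);` for each boolean key and `conf_set_int(conf, CONF_gssapirekey, 0);`. The save-side guards also mean a session re-saved by such a build may no longer carry AuthGSSAPI, AuthGSSAPIKEX and GssapiFwd; a GSSAPI-enabled build loading it later would then fall back to the defaults shown here (`true` for both auth keys), presumably re-enabling GSSAPI for a user who had switched it off. The enclosing save and load functions start and end outside these hunks.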
1016
-- a/ssh.c
1024
++ b/ssh.c
Lines 50-56 Link Here
50
    ssh_sharing_state *connshare;
50
    ssh_sharing_state *connshare;
51
    bool attempting_connshare;
51
    bool attempting_connshare;
52
52
53
#ifndef NO_GSSAPI
53
    struct ssh_connection_shared_gss_state gss_state;
54
    struct ssh_connection_shared_gss_state gss_state;
55
#endif
54
56
55
    char *savedhost;
57
    char *savedhost;
56
    int savedport;
58
    int savedport;
Lines 252-261 Link Here
252
                    conf_get_bool(ssh->conf, CONF_tryagent), username,
254
                    conf_get_bool(ssh->conf, CONF_tryagent), username,
253
                    conf_get_bool(ssh->conf, CONF_change_username),
255
                    conf_get_bool(ssh->conf, CONF_change_username),
254
                    conf_get_bool(ssh->conf, CONF_try_ki_auth),
256
                    conf_get_bool(ssh->conf, CONF_try_ki_auth),
257
#ifndef NO_GSSAPI
255
                    conf_get_bool(ssh->conf, CONF_try_gssapi_auth),
258
                    conf_get_bool(ssh->conf, CONF_try_gssapi_auth),
256
                    conf_get_bool(ssh->conf, CONF_try_gssapi_kex),
259
                    conf_get_bool(ssh->conf, CONF_try_gssapi_kex),
257
                    conf_get_bool(ssh->conf, CONF_gssapifwd),
260
                    conf_get_bool(ssh->conf, CONF_gssapifwd),
258
                    &ssh->gss_state);
261
                    &ssh->gss_state);
262
#else
263
                    NULL,
264
                    NULL,
265
                    NULL,
266
                    NULL);
267
#endif
259
                ssh_connect_ppl(ssh, userauth_layer);
268
                ssh_connect_ppl(ssh, userauth_layer);
260
                transport_child_layer = userauth_layer;
269
                transport_child_layer = userauth_layer;
261
270
Lines 267-273 Link Here
267
                ssh->fullhostname,
276
                ssh->fullhostname,
268
                ssh_verstring_get_local(old_bpp),
277
                ssh_verstring_get_local(old_bpp),
269
                ssh_verstring_get_remote(old_bpp),
278
                ssh_verstring_get_remote(old_bpp),
279
#ifndef NO_GSSAPI
270
                &ssh->gss_state,
280
                &ssh->gss_state,
281
#else
282
				NULL,
283
#endif
271
                &ssh->stats, transport_child_layer, false);
284
                &ssh->stats, transport_child_layer, false);
272
            ssh_connect_ppl(ssh, ssh->base_layer);
285
            ssh_connect_ppl(ssh, ssh->base_layer);
273
286
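Review bot: The `#else` branch at new lines 263-266 passes `NULL` four times, but the first three arguments it replaces are the `conf_get_bool(...)` results for CONF_try_gssapi_auth, CONF_try_gssapi_kex and CONF_gssapifwd, which are booleans; only the fourth (`&ssh->gss_state`) is a pointer. Writing it as `false, false, false, NULL);` makes the disabled state explicit and avoids relying on a null-pointer-to-bool conversion. The `NULL,` at new line 282 is indented with tabs where its neighbours use spaces. Whether the two constructors tolerate a NULL GSS state is decided outside these hunks and should be confirmed; both calls also begin outside the hunks shown.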
274
-- a/sshserver.c
287
++ b/sshserver.c
Lines 50-56 Link Here
50
    PacketProtocolLayer *base_layer;
50
    PacketProtocolLayer *base_layer;
51
    ConnectionLayer *cl;
51
    ConnectionLayer *cl;
52
52
53
#ifndef NO_GSSAPI
53
    struct ssh_connection_shared_gss_state gss_state;
54
    struct ssh_connection_shared_gss_state gss_state;
55
#endif
54
};
56
};
55
57
56
static void ssh_server_free_callback(void *vsrv);
58
static void ssh_server_free_callback(void *vsrv);
Lines 246-253 Link Here
246
    bufchain_init(&srv->dummy_user_input);
248
    bufchain_init(&srv->dummy_user_input);
247
249
248
    /* FIXME: replace with sensible */
250
    /* FIXME: replace with sensible */
251
#ifndef NO_GSSAPI
249
    srv->gss_state.libs = snew(struct ssh_gss_liblist);
252
    srv->gss_state.libs = snew(struct ssh_gss_liblist);
250
    srv->gss_state.libs->nlibraries = 0;
253
    srv->gss_state.libs->nlibraries = 0;
254
#endif
251
255
252
    return &srv->plug;
256
    return &srv->plug;
253
}
257
}
Lines 297-303 Link Here
297
    conf_free(srv->conf);
301
    conf_free(srv->conf);
298
    log_free(srv->logctx);
302
    log_free(srv->logctx);
299
303
304
#ifndef NO_GSSAPI
300
    sfree(srv->gss_state.libs);        /* FIXME: replace with sensible */
305
    sfree(srv->gss_state.libs);        /* FIXME: replace with sensible */
306
#endif
301
307
302
    sfree(srv);
308
    sfree(srv);
303
309
Lines 442-448 Link Here
442
            srv->conf, NULL, 0, NULL,
448
            srv->conf, NULL, 0, NULL,
443
            ssh_verstring_get_remote(old_bpp),
449
            ssh_verstring_get_remote(old_bpp),
444
            ssh_verstring_get_local(old_bpp),
450
            ssh_verstring_get_local(old_bpp),
451
#ifndef NO_GSSAPI
445
            &srv->gss_state, &srv->stats, transport_child_layer, true);
452
            &srv->gss_state, &srv->stats, transport_child_layer, true);
453
#else
454
            NULL, &srv->stats, transport_child_layer, true);
455
#endif
446
        ssh2_transport_provide_hostkeys(
456
        ssh2_transport_provide_hostkeys(
447
            srv->base_layer, srv->hostkeys, srv->nhostkeys);
457
            srv->base_layer, srv->hostkeys, srv->nhostkeys);
448
        if (userauth_layer)
458
        if (userauth_layer)
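Review bot: At new lines 451-455 both preprocessor branches repeat the tail `&srv->stats, transport_child_layer, true);`, whereas the matching call in ssh.c guards only the one argument that differs. Using the same form here (`&srv->gss_state,` under `#ifndef NO_GSSAPI`, `NULL,` under `#else`, then a single shared tail after `#endif`) keeps the two call sites parallel and stops the branches drifting apart when the argument list changes. In NO_GSSAPI builds the callee now receives NULL for the GSS state; its handling of that pointer is outside this section and should be checked for unguarded dereferences. The call itself starts outside the hunk.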
449
-- a/ssh2userauth.c
459
++ b/ssh2userauth.c
Lines 241-247 Link Here
241
     * Misc one-time setup for authentication.
241
     * Misc one-time setup for authentication.
242
     */
242
     */
243
    s->publickey_blob = NULL;
243
    s->publickey_blob = NULL;
244
#ifndef NO_GSSAPI
244
    s->session_id = ssh2_transport_get_session_id(s->transport_layer);
245
    s->session_id = ssh2_transport_get_session_id(s->transport_layer);
246
#endif
245
247
246
    /*
248
    /*
247
     * Load the public half of any configured public key file for
249
     * Load the public half of any configured public key file for
Lines 613-620 Link Here
613
                 * Scan it for method identifiers we know about.
615
                 * Scan it for method identifiers we know about.
614
                 */
616
                 */
615
                bool srv_pubkey = false, srv_passwd = false;
617
                bool srv_pubkey = false, srv_passwd = false;
618
#ifndef NO_GSSAPI
616
                bool srv_keyb_inter = false, srv_gssapi = false;
619
                bool srv_keyb_inter = false, srv_gssapi = false;
617
                bool srv_gssapi_keyex_auth = false;
620
                bool srv_gssapi_keyex_auth = false;
621
#else
622
                bool srv_keyb_inter = false;
623
#endif
618
624
619
                for (ptrlen method; get_commasep_word(&methods, &method) ;) {
625
                for (ptrlen method; get_commasep_word(&methods, &method) ;) {
620
                    if (ptrlen_eq_string(method, "publickey"))
626
                    if (ptrlen_eq_string(method, "publickey"))
Lines 623-632 Link Here
623
                        srv_passwd = true;
629
                        srv_passwd = true;
624
                    else if (ptrlen_eq_string(method, "keyboard-interactive"))
630
                    else if (ptrlen_eq_string(method, "keyboard-interactive"))
625
                        srv_keyb_inter = true;
631
                        srv_keyb_inter = true;
632
#ifndef NO_GSSAPI
626
                    else if (ptrlen_eq_string(method, "gssapi-with-mic"))
633
                    else if (ptrlen_eq_string(method, "gssapi-with-mic"))
627
                        srv_gssapi = true;
634
                        srv_gssapi = true;
628
                    else if (ptrlen_eq_string(method, "gssapi-keyex"))
635
                    else if (ptrlen_eq_string(method, "gssapi-keyex"))
629
                        srv_gssapi_keyex_auth = true;
636
                        srv_gssapi_keyex_auth = true;
637
#endif
630
                }
638
                }
631
639
632
                /*
640
                /*
Lines 1640-1646 Link Here
1640
     * any packets since. Signal the transport layer to consider
1648
     * any packets since. Signal the transport layer to consider
1641
     * doing an immediate rekey, if it has any reason to want to.
1649
     * doing an immediate rekey, if it has any reason to want to.
1642
     */
1650
     */
1651
#ifndef NO_GSSAPI
1643
    ssh2_transport_notify_auth_done(s->transport_layer);
1652
    ssh2_transport_notify_auth_done(s->transport_layer);
1653
#endif
1644
1654
1645
    /*
1655
    /*
1646
     * Finally, hand over to our successor layer, and return
1656
     * Finally, hand over to our successor layer, and return
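Review bot: The guard at new lines 244-246 leaves `s->session_id` unset in NO_GSSAPI builds, and ssh2userauth-server.c gets the same guard at new lines 125-127. The session identifier is not GSSAPI-specific in SSH-2: public-key authentication signatures are computed over it (RFC 4252). If any non-GSSAPI path in either file reads `s->session_id` (not visible in these hunks), the client would sign, and the server would verify, data no longer bound to the session. Unless every reader is compiled out too, keep `s->session_id = ssh2_transport_get_session_id(s->transport_layer);` unconditional in both files. The comment above `ssh2_transport_notify_auth_done` (new lines 1651-1653) describes a rekey the transport may want "if it has any reason", which does not read as GSSAPI-only, so that guard deserves the same check.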
1647
-- a/ssh2userauth-server.c
1657
++ b/ssh2userauth-server.c
Lines 122-128 Link Here
122
122
123
    crBegin(s->crState);
123
    crBegin(s->crState);
124
124
125
#ifndef NO_GSSAPI
125
    s->session_id = ssh2_transport_get_session_id(s->transport_layer);
126
    s->session_id = ssh2_transport_get_session_id(s->transport_layer);
127
#endif
126
128
127
    while (1) {
129
    while (1) {
128
        crMaybeWaitUntilV((pktin = ssh2_userauth_server_pop(s)) != NULL);
130
        crMaybeWaitUntilV((pktin = ssh2_userauth_server_pop(s)) != NULL);
