- andreas@cvs.openbsd.org 2009/10/24 11:13:54
[sshconnect2.c kex.h kex.c] Let the client detect if the server supports roaming by looking for the resume@appgate.com kex algorithm. ok markus@
parent
b7b17be4c0
commit
36331b5d6c
|
@ -4,6 +4,11 @@
|
||||||
[roaming.h]
|
[roaming.h]
|
||||||
Declarations needed for upcoming changes.
|
Declarations needed for upcoming changes.
|
||||||
ok markus@
|
ok markus@
|
||||||
|
- andreas@cvs.openbsd.org 2009/10/24 11:13:54
|
||||||
|
[sshconnect2.c kex.h kex.c]
|
||||||
|
Let the client detect if the server supports roaming by looking
|
||||||
|
for the resume@appgate.com kex algorithm.
|
||||||
|
ok markus@
|
||||||
|
|
||||||
20091226
|
20091226
|
||||||
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
|
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
|
||||||
|
|
13
kex.c
13
kex.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kex.c,v 1.81 2009/05/27 06:34:36 andreas Exp $ */
|
/* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -48,6 +48,7 @@
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "monitor.h"
|
#include "monitor.h"
|
||||||
|
#include "roaming.h"
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||||
# if defined(HAVE_EVP_SHA256)
|
# if defined(HAVE_EVP_SHA256)
|
||||||
|
@ -386,6 +387,16 @@ kex_choose_conf(Kex *kex)
|
||||||
sprop=peer;
|
sprop=peer;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Check whether server offers roaming */
|
||||||
|
if (!kex->server) {
|
||||||
|
char *roaming;
|
||||||
|
roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
|
||||||
|
if (roaming) {
|
||||||
|
kex->roaming = 1;
|
||||||
|
xfree(roaming);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Algorithm Negotiation */
|
/* Algorithm Negotiation */
|
||||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||||
newkeys = xcalloc(1, sizeof(*newkeys));
|
newkeys = xcalloc(1, sizeof(*newkeys));
|
||||||
|
|
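Review bot: In the block added to kex_choose_conf, `kex->roaming` is set from the server's KEXINIT name-list while the exchange is still in progress, and it is only ever assigned 1, never cleared. Nothing has been checked against the host key at that point, so the flag is only a hint until key exchange completes; the sshconnect2.c part of this commit does read it only after `dispatch_run` returns. If kex_choose_conf also runs for a later re-exchange (not visible here), a server that stops listing `KEX_RESUME` would leave the flag set. I would add a comment above the block, e.g. `/* peer[] is the server's unverified KEXINIT; do not act on kex->roaming before kex completes */`; the function body starts and ends outside this hunk.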
4
kex.h
4
kex.h
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: kex.h,v 1.47 2009/05/27 06:34:36 andreas Exp $ */
|
/* $OpenBSD: kex.h,v 1.48 2009/10/24 11:13:54 andreas Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
|
@ -36,6 +36,7 @@
|
||||||
#define KEX_DH14 "diffie-hellman-group14-sha1"
|
#define KEX_DH14 "diffie-hellman-group14-sha1"
|
||||||
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
|
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
|
||||||
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
|
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
|
||||||
|
#define KEX_RESUME "resume@appgate.com"
|
||||||
|
|
||||||
#define COMP_NONE 0
|
#define COMP_NONE 0
|
||||||
#define COMP_ZLIB 1
|
#define COMP_ZLIB 1
|
||||||
|
@ -116,6 +117,7 @@ struct Kex {
|
||||||
char *name;
|
char *name;
|
||||||
int hostkey_type;
|
int hostkey_type;
|
||||||
int kex_type;
|
int kex_type;
|
||||||
|
int roaming;
|
||||||
Buffer my;
|
Buffer my;
|
||||||
Buffer peer;
|
Buffer peer;
|
||||||
sig_atomic_t done;
|
sig_atomic_t done;
|
||||||
|
|
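Review bot: `KEX_RESUME` is added to the run of key-exchange method names, but the kex.c hunk uses it only as a capability marker matched against the server's proposal, and the new `int roaming;` member of `struct Kex` carries no comment saying who sets it or when it is valid. A reader could take the define for a negotiable kex method. Suggested comments: `/* roaming capability marker, not a key-exchange method */` on the define and `/* client only: server listed KEX_RESUME in its proposal */` on the member. `struct Kex` starts and ends outside the hunk.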
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */
|
/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||||
|
@ -152,6 +152,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
|
||||||
|
|
||||||
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
|
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
|
||||||
|
|
||||||
|
if (options.use_roaming && !kex->roaming) {
|
||||||
|
debug("Roaming not allowed by server");
|
||||||
|
options.use_roaming = 0;
|
||||||
|
}
|
||||||
|
|
||||||
session_id2 = kex->session_id;
|
session_id2 = kex->session_id;
|
||||||
session_id2_len = kex->session_id_len;
|
session_id2_len = kex->session_id_len;
|
||||||
|
|
||||||
|
|
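Review bot: The block added to ssh_kex2 switches off a feature the user asked for by writing to the global `options.use_roaming`, and reports it only through `debug()`, so at the default log level the change is silent. The text "Roaming not allowed by server" also says more than was checked, since `kex->roaming` only records whether the server listed `KEX_RESUME` in its proposal. I would word it as `verbose("Server did not offer roaming; disabling");` or keep `debug()` with the corrected wording. ssh_kex2 starts and ends outside the hunk.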