[sshconnect2.c kex.h kex.c]
     Let the client detect if the server supports roaming by looking
     for the resume@appgate.com kex algorithm.
     ok markus@
Darren Tucker 2010-01-08 16:50:41 +11:00
parent b7b17be4c0
commit 36331b5d6c
4 changed files with 26 additions and 3 deletions


@ -4,6 +4,11 @@
[roaming.h] [roaming.h]
Declarations needed for upcoming changes. Declarations needed for upcoming changes.
ok markus@ ok markus@
- andreas@cvs.openbsd.org 2009/10/24 11:13:54
[sshconnect2.c kex.h kex.c]
Let the client detect if the server supports roaming by looking
for the resume@appgate.com kex algorithm.
ok markus@
20091226 20091226
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1

13
kex.c

@ -1,4 +1,4 @@
/* $OpenBSD: kex.c,v 1.81 2009/05/27 06:34:36 andreas Exp $ */ /* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* *
@ -48,6 +48,7 @@
#include "match.h" #include "match.h"
#include "dispatch.h" #include "dispatch.h"
#include "monitor.h" #include "monitor.h"
#include "roaming.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L #if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256) # if defined(HAVE_EVP_SHA256)
@ -386,6 +387,16 @@ kex_choose_conf(Kex *kex)
sprop=peer; sprop=peer;
} }
/* Check whether server offers roaming */
if (!kex->server) {
char *roaming;
roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
if (roaming) {
kex->roaming = 1;
xfree(roaming);
}
}
/* Algorithm Negotiation */ /* Algorithm Negotiation */
for (mode = 0; mode < MODE_MAX; mode++) { for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = xcalloc(1, sizeof(*newkeys)); newkeys = xcalloc(1, sizeof(*newkeys));
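Review bot: The added block in kex_choose_conf only ever sets `kex->roaming = 1` and never clears it, so if the function runs again for a later key exchange on the same Kex, a server that no longer lists `resume@appgate.com` would still be recorded as roaming-capable. Putting `kex->roaming = 0;` ahead of the `match_list` call would keep the flag in step with the most recent proposal. Because the value is taken straight from the peer's KEXINIT name-list, a comment such as `/* peer-advertised capability only; says nothing about whether a resume request should be honoured */` would help anyone who later branches on it. kex_choose_conf begins and ends outside this hunk, so how the struct is initialised cannot be confirmed from here.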

4
kex.h

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.47 2009/05/27 06:34:36 andreas Exp $ */ /* $OpenBSD: kex.h,v 1.48 2009/10/24 11:13:54 andreas Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -36,6 +36,7 @@
#define KEX_DH14 "diffie-hellman-group14-sha1" #define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define KEX_RESUME "resume@appgate.com"
#define COMP_NONE 0 #define COMP_NONE 0
#define COMP_ZLIB 1 #define COMP_ZLIB 1
@ -116,6 +117,7 @@ struct Kex {
char *name; char *name;
int hostkey_type; int hostkey_type;
int kex_type; int kex_type;
int roaming;
Buffer my; Buffer my;
Buffer peer; Buffer peer;
sig_atomic_t done; sig_atomic_t done;
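Review bot: The new `int roaming;` member of struct Kex is undocumented, and the name does not say who sets it or on what evidence. Going by the kex.c change in this commit, it is written only on the client side, when the server's kex algorithm list contains KEX_RESUME, so I would add `/* client only: server's KEXINIT listed KEX_RESUME */` on that line. `#define KEX_RESUME` sits among real key-exchange method names, so it also deserves a note that it is a capability marker looked up in the peer's list; whether it can ever be chosen as the negotiated method is not visible in this section. struct Kex starts and ends outside the hunk.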


@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved.
@ -152,6 +152,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
dispatch_run(DISPATCH_BLOCK, &kex->done, kex); dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
if (options.use_roaming && !kex->roaming) {
debug("Roaming not allowed by server");
options.use_roaming = 0;
}
session_id2 = kex->session_id; session_id2 = kex->session_id;
session_id2_len = kex->session_id_len; session_id2_len = kex->session_id_len;
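Review bot: The string `"Roaming not allowed by server"` in ssh_kex2 overstates what was tested, since the condition is only that the server's proposal did not contain `resume@appgate.com`. `debug("Server does not support roaming");` would match the commit message. A user who turned roaming on learns that it was switched off only at debug level, so `verbose()` may be the better call here. A comment above the `if`, for example `/* roaming stays enabled only when the user asked for it and the server advertised it */`, would record that `options.use_roaming` is deliberately cleared for the rest of the session. ssh_kex2 continues outside this hunk.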