786 + } |
786 + } |
787 +#endif |
787 +#endif |
788 kex->load_host_public_key=&get_hostkey_public_by_type; |
788 kex->load_host_public_key=&get_hostkey_public_by_type; |
789 kex->load_host_private_key=&get_hostkey_private_by_type; |
789 kex->load_host_private_key=&get_hostkey_private_by_type; |
790 kex->host_key_index=&get_hostkey_index; |
790 kex->host_key_index=&get_hostkey_index; |
791 @@ -1745,6 +1767,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer |
791 @@ -1742,8 +1764,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer |
792 if (!options.gss_authentication) |
792 OM_uint32 major; |
793 fatal("%s: GSSAPI authentication not enabled", __func__); |
793 u_int len; |
794 |
794 |
|
795 - if (!options.gss_authentication) |
|
796 - fatal("%s: GSSAPI authentication not enabled", __func__); |
795 + if (!options.gss_authentication && !options.gss_keyex) |
797 + if (!options.gss_authentication && !options.gss_keyex) |
796 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
798 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
797 + |
799 |
798 goid.elements = buffer_get_string(m, &len); |
800 goid.elements = buffer_get_string(m, &len); |
799 goid.length = len; |
801 goid.length = len; |
800 |
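Review bot: The added guard message, `fatal("In GSSAPI monitor when GSSAPI is disabled");`, no longer names the handler, and the identical string is added in the mm_answer_gss_setup_ctx, mm_answer_gss_accept_ctx, mm_answer_gss_checkmic and mm_answer_gss_userok hunks, so a log entry cannot show which monitor request was refused. Keeping the form of the line it replaces, e.g. `fatal("%s: GSSAPI not enabled", __func__);`, preserves that detail for anyone triaging an unexpected request from the unprivileged child. The relaxed condition also makes all four handlers reachable when only `options.gss_keyex` is set; whether the dispatch table limits them to the key-exchange path is not visible here and is worth confirming. Each function body continues outside its hunk.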
802 @@ -1772,8 +1794,8 @@ mm_answer_gss_accept_ctx(int sock, Buffe |
801 @@ -1775,6 +1800,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe |
803 OM_uint32 flags = 0; /* GSI needs this */ |
802 if (!options.gss_authentication) |
804 u_int len; |
803 fatal("%s: GSSAPI authentication not enabled", __func__); |
805 |
804 |
806 - if (!options.gss_authentication) |
|
807 - fatal("%s: GSSAPI authentication not enabled", __func__); |
805 + if (!options.gss_authentication && !options.gss_keyex) |
808 + if (!options.gss_authentication && !options.gss_keyex) |
806 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
809 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
807 + |
810 |
808 in.value = buffer_get_string(m, &len); |
811 in.value = buffer_get_string(m, &len); |
809 in.length = len; |
812 in.length = len; |
810 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
813 @@ -1792,6 +1814,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe |
811 @@ -1792,6 +1820,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe |
|
812 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
814 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
813 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
815 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
814 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
816 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
815 + monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1); |
817 + monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1); |
816 } |
818 } |
817 return (0); |
819 return (0); |
818 } |
820 } |
819 @@ -1806,6 +1835,9 @@ mm_answer_gss_checkmic(int sock, Buffer |
821 @@ -1803,8 +1826,8 @@ mm_answer_gss_checkmic(int sock, Buffer |
820 if (!options.gss_authentication) |
822 OM_uint32 ret; |
821 fatal("%s: GSSAPI authentication not enabled", __func__); |
823 u_int len; |
822 |
824 |
|
825 - if (!options.gss_authentication) |
|
826 - fatal("%s: GSSAPI authentication not enabled", __func__); |
823 + if (!options.gss_authentication && !options.gss_keyex) |
827 + if (!options.gss_authentication && !options.gss_keyex) |
824 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
828 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
825 + |
829 |
826 gssbuf.value = buffer_get_string(m, &len); |
830 gssbuf.value = buffer_get_string(m, &len); |
827 gssbuf.length = len; |
831 gssbuf.length = len; |
828 mic.value = buffer_get_string(m, &len); |
832 @@ -1832,8 +1855,8 @@ mm_answer_gss_userok(int sock, Buffer *m |
829 @@ -1835,6 +1867,9 @@ mm_answer_gss_userok(int sock, Buffer *m |
833 { |
830 if (!options.gss_authentication) |
834 int authenticated; |
831 fatal("%s: GSSAPI authentication not enabled", __func__); |
835 |
832 |
836 - if (!options.gss_authentication) |
|
837 - fatal("%s: GSSAPI authentication not enabled", __func__); |
833 + if (!options.gss_authentication && !options.gss_keyex) |
838 + if (!options.gss_authentication && !options.gss_keyex) |
834 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
839 + fatal("In GSSAPI monitor when GSSAPI is disabled"); |
835 + |
840 |
836 authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); |
841 authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); |
837 |
842 |
838 buffer_clear(m); |
843 @@ -1848,5 +1871,47 @@ mm_answer_gss_userok(int sock, Buffer *m |
839 @@ -1848,5 +1883,47 @@ mm_answer_gss_userok(int sock, Buffer *m |
|
840 /* Monitor loop will terminate if authenticated */ |
844 /* Monitor loop will terminate if authenticated */ |
841 return (authenticated); |
845 return (authenticated); |
842 } |
846 } |
843 + |
847 + |
844 +int |
848 +int |