From e4134ba32930da714d7b5b73be87ff8303cb872a Mon Sep 17 00:00:00 2001
From: Andreas Gunnarsson
Date: Sat, 24 Oct 2009 11:13:55 +0000
Subject: Let the client detect if the server supports roaming by looking for the resume@appgate.com kex algorithm. ok markus@
---
 usr.bin/ssh/kex.c | 13 ++++++++++++-
 usr.bin/ssh/kex.h | 4 +++-
 usr.bin/ssh/sshconnect2.c | 7 ++++++-
 3 files changed, 21 insertions(+), 3 deletions(-)
(limited to 'usr.bin')
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 9e2a81242e5..e7bd7a48a9f 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.81 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -45,6 +45,7 @@
 #include "match.h"
 #include "dispatch.h"
 #include "monitor.h"
+#include "roaming.h"
 /* prototype */
 static void kex_kexinit_finish(Kex *);
@@ -373,6 +374,16 @@ kex_choose_conf(Kex *kex)
 sprop=peer;
 }
+ /* Check whether server offers roaming */
+ if (!kex->server) {
+ char *roaming;
+ roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
+ if (roaming) {
+ kex->roaming = 1;
+ xfree(roaming);
+ }
+ }
+
 /* Algorithm Negotiation */
 for (mode = 0; mode < MODE_MAX; mode++) {
 newkeys = xcalloc(1, sizeof(*newkeys));
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index ba2529925be..6f904186567 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.47 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.h,v 1.48 2009/10/24 11:13:54 andreas Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -35,6 +35,7 @@
 #define KEX_DH14 "diffie-hellman-group14-sha1"
 #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
 #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
+#define KEX_RESUME "resume@appgate.com"
 #define COMP_NONE 0
 #define COMP_ZLIB 1
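Review bot: In the `kex_choose_conf` hunk of kex.c, `kex->roaming` is only ever set to 1, and only from the peer's `PROPOSAL_KEX_ALGS` string, so nothing in the added lines clears it if the function runs again for a later exchange where the server no longer lists `KEX_RESUME` (whether it is re-run, and how `Kex` is zeroed, lies outside the hunk). If the flag is meant to track the latest proposal, assign it each time: `kex->roaming = (roaming != NULL);` followed by `if (roaming) xfree(roaming);`. The comment could also record the trust boundary, for example `/* Server advertises roaming with a pseudo-kex name; peer-supplied, recorded even when the client option is off */`. `kex_choose_conf` begins and ends outside the hunk.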
@@ -115,6 +116,7 @@ struct Kex {
 char *name;
 int hostkey_type;
 int kex_type;
+ int roaming;
 Buffer my;
 Buffer peer;
 sig_atomic_t done;
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index cb0ce0915e2..0445a0fb0e6 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -146,6 +146,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+ if (options.use_roaming && !kex->roaming) {
+ debug("Roaming not allowed by server");
+ options.use_roaming = 0;
+ }
+
 session_id2 = kex->session_id;
 session_id2_len = kex->session_id_len;
-- 
cgit v1.2.3
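Review bot: The new `roaming` member of `struct Kex` in kex.h carries no comment, and unlike the neighbouring `kex_type` and `hostkey_type` it is not a negotiated parameter: in the kex.c part of this commit it is written only when `!kex->server`, and only from the server's algorithm list. A short comment such as `int roaming; /* client only: server listed KEX_RESUME in its proposal (peer-supplied) */` would make clear that the field reflects peer input and not local policy. The struct definition starts and ends outside the hunk.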
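Review bot: In the `ssh_kex2` hunk of sshconnect2.c the added check covers one direction only: it clears `options.use_roaming` when the server did not advertise roaming, but leaves `kex->roaming` at 1 when the server advertised it and the local option is off. If any later code tests `kex->roaming` on its own (not visible here), the server's advertisement alone would select that path, so either document that `options.use_roaming` is the only gate or add `else if (!options.use_roaming) kex->roaming = 0;`. The message `"Roaming not allowed by server"` also reads as a policy refusal, while the condition only shows that the server did not list `KEX_RESUME`; wording such as `"Roaming not offered by server"` would match what was checked. `ssh_kex2` begins and ends outside the hunk.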