- andreas@cvs.openbsd.org 2009/10/24 11:13:54
[sshconnect2.c kex.h kex.c]
Let the client detect if the server supports roaming by looking
for the resume@appgate.com kex algorithm.
ok markus@
diff --git a/ChangeLog b/ChangeLog
index 5935fa6..68f772b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,11 @@
[roaming.h]
Declarations needed for upcoming changes.
ok markus@
+ - andreas@cvs.openbsd.org 2009/10/24 11:13:54
+ [sshconnect2.c kex.h kex.c]
+ Let the client detect if the server supports roaming by looking
+ for the resume@appgate.com kex algorithm.
+ ok markus@
20091226
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
diff --git a/kex.c b/kex.c
index f4f44f0..148cfee 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.81 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.c,v 1.82 2009/10/24 11:13:54 andreas Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -48,6 +48,7 @@
#include "match.h"
#include "dispatch.h"
#include "monitor.h"
+#include "roaming.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
@@ -386,6 +387,16 @@
sprop=peer;
}
+ /* Check whether server offers roaming */
+ if (!kex->server) {
+ char *roaming;
+ roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
+ if (roaming) {
+ kex->roaming = 1;
+ xfree(roaming);
+ }
+ }
+
/* Algorithm Negotiation */
for (mode = 0; mode < MODE_MAX; mode++) {
newkeys = xcalloc(1, sizeof(*newkeys));
diff --git a/kex.h b/kex.h
index 68c80c5..1fa1379 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.47 2009/05/27 06:34:36 andreas Exp $ */
+/* $OpenBSD: kex.h,v 1.48 2009/10/24 11:13:54 andreas Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -36,6 +36,7 @@
#define KEX_DH14 "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
+#define KEX_RESUME "resume@appgate.com"
#define COMP_NONE 0
#define COMP_ZLIB 1
@@ -116,6 +117,7 @@
char *name;
int hostkey_type;
int kex_type;
+ int roaming;
Buffer my;
Buffer peer;
sig_atomic_t done;
diff --git a/sshconnect2.c b/sshconnect2.c
index 1e0e9d5..937bb77 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -152,6 +152,11 @@
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+ if (options.use_roaming && !kex->roaming) {
+ debug("Roaming not allowed by server");
+ options.use_roaming = 0;
+ }
+
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;