mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Revert KEX_MAX_CONF system from the GSS kex patch.

Commit d515e4f1a went through a lot of very different shapes before it
was finally pushed. In some of them, GSS kex had its own value in the
kex enumeration, but it was used in ssh.c but not in config.c
(because, as in the final version, it wasn't configured by the same
drag-list system as the rest of them). So we had to distinguish the
set of key exchange ids known to the program as a whole from the set
controllable in the configuration.

In the final version, GSS kex ended up even more separated from the
kex enumeration than that: the enum value KEX_GSS_SHA1_K5 isn't used
at all. Instead, GSS key exchange appears in the list at the point of
translation from the list of enum values into the list of pointers to
data structures full of kex methods.

But after all the changes, everyone involved forgot to revert the part
of the patch which split KEX_MAX in two and introduced the pointless
value KEX_GSS_SHA1_K5! Better late than never: I'm reverting it now,
to avoid confusion, and because I don't have any reason to think the
distinction will be useful for any other purpose.
Simon Tatham 2018-05-01 07:41:01 +01:00
parent d6bdcfa75c
commit 839ed84e59
4 changed files with 8 additions and 16 deletions


@ -442,7 +442,7 @@ static void kexlist_handler(union control *ctrl, void *dlg,
/* (kexlist assumed to contain all algorithms) */ /* (kexlist assumed to contain all algorithms) */
dlg_update_start(ctrl, dlg); dlg_update_start(ctrl, dlg);
dlg_listbox_clear(ctrl, dlg); dlg_listbox_clear(ctrl, dlg);
for (i = 0; i < KEX_MAX_CONF; i++) { for (i = 0; i < KEX_MAX; i++) {
int k = conf_get_int_int(conf, CONF_ssh_kexlist, i); int k = conf_get_int_int(conf, CONF_ssh_kexlist, i);
int j; int j;
const char *kstr = NULL; const char *kstr = NULL;
@ -460,7 +460,7 @@ static void kexlist_handler(union control *ctrl, void *dlg,
int i; int i;
/* Update array to match the list box. */ /* Update array to match the list box. */
for (i=0; i < KEX_MAX_CONF; i++) for (i=0; i < KEX_MAX; i++)
conf_set_int_int(conf, CONF_ssh_kexlist, i, conf_set_int_int(conf, CONF_ssh_kexlist, i,
dlg_listbox_getid(ctrl, dlg, i)); dlg_listbox_getid(ctrl, dlg, i));
} }
@ -2402,7 +2402,7 @@ void setup_config_box(struct controlbox *b, int midsession,
c = ctrl_draglist(s, "Algorithm selection policy:", 's', c = ctrl_draglist(s, "Algorithm selection policy:", 's',
HELPCTX(ssh_kexlist), HELPCTX(ssh_kexlist),
kexlist_handler, P(NULL)); kexlist_handler, P(NULL));
c->listbox.height = KEX_MAX_CONF; c->listbox.height = KEX_MAX;
ctrl_checkbox(s, "Attempt GSSAPI key exchange", ctrl_checkbox(s, "Attempt GSSAPI key exchange",
'k', HELPCTX(ssh_gssapi), 'k', HELPCTX(ssh_gssapi),
conf_checkbox_handler, conf_checkbox_handler,


@ -271,14 +271,6 @@ enum {
KEX_DHGEX, KEX_DHGEX,
KEX_RSA, KEX_RSA,
KEX_ECDH, KEX_ECDH,
/*
* KEX_MAX_CONF is a boundary between statically and dynamically configured
* KEXes, without creating a gap in the numbering, allowing easy addition
* of vaues on either side
*/
KEX_MAX_CONF, KEX_DUMMY = KEX_MAX_CONF-1,
/* Kexes from here to KEX_MAX are not explicitly configurable */
KEX_GSS_SHA1_K5,
KEX_MAX KEX_MAX
}; };
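Review bot: With the comment block removed, nothing at the enum says what `KEX_MAX` counts any more, and its value has dropped by one, so any array that must also hold the GSSAPI entry has to be sized `KEX_MAX + 1` (as the ssh.c section of this commit does for `preferred_kex`). I would leave a short replacement comment above `KEX_MAX`, for example `/* KEX_MAX counts only the kexes in the configurable preference list; GSSAPI kex is added separately, so kex-method arrays need KEX_MAX + 1 slots */`. Other uses of `KEX_MAX` as an array bound are not visible on this page and would be worth checking against the new value. The enum begins outside this hunk.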


@ -571,7 +571,7 @@ void save_open_settings(void *sesskey, Conf *conf)
write_setting_i(sesskey, "GssapiFwd", conf_get_int(conf, CONF_gssapifwd)); write_setting_i(sesskey, "GssapiFwd", conf_get_int(conf, CONF_gssapifwd));
write_setting_i(sesskey, "ChangeUsername", conf_get_int(conf, CONF_change_username)); write_setting_i(sesskey, "ChangeUsername", conf_get_int(conf, CONF_change_username));
wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist); wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
wprefs(sesskey, "KEX", kexnames, KEX_MAX_CONF, conf, CONF_ssh_kexlist); wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist); wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time)); write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey)); write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
@ -954,7 +954,7 @@ void load_open_settings(void *sesskey, Conf *conf)
* Mentioned here as it is remotely possible that it will turn * Mentioned here as it is remotely possible that it will turn
* up in someone's saved settings in future.) */ * up in someone's saved settings in future.) */
gprefs_from_str(raw, kexnames, KEX_MAX_CONF, conf, CONF_ssh_kexlist); gprefs_from_str(raw, kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
sfree(raw); sfree(raw);
} }
gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN", gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",

4
ssh.c

@ -6534,7 +6534,7 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
int can_gssapi_keyex; int can_gssapi_keyex;
int need_gss_transient_hostkey; int need_gss_transient_hostkey;
int warned_about_no_gss_transient_hostkey; int warned_about_no_gss_transient_hostkey;
const struct ssh_kexes *preferred_kex[KEX_MAX]; const struct ssh_kexes *preferred_kex[KEX_MAX + 1]; /* +1 for GSSAPI */
int n_preferred_hk; int n_preferred_hk;
int preferred_hk[HK_MAX]; int preferred_hk[HK_MAX];
int n_preferred_ciphers; int n_preferred_ciphers;
@ -6645,7 +6645,7 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
s->n_preferred_kex = 0; s->n_preferred_kex = 0;
if (s->can_gssapi_keyex) if (s->can_gssapi_keyex)
s->preferred_kex[s->n_preferred_kex++] = &ssh_gssk5_sha1_kex; s->preferred_kex[s->n_preferred_kex++] = &ssh_gssk5_sha1_kex;
for (i = 0; i < KEX_MAX_CONF; i++) { for (i = 0; i < KEX_MAX; i++) {
switch (conf_get_int_int(ssh->conf, CONF_ssh_kexlist, i)) { switch (conf_get_int_int(ssh->conf, CONF_ssh_kexlist, i)) {
case KEX_DHGEX: case KEX_DHGEX:
s->preferred_kex[s->n_preferred_kex++] = s->preferred_kex[s->n_preferred_kex++] =