From ebd631fb1f7ea59f44c3031bee6b9b1b126c6280 Mon Sep 17 00:00:00 2001
From: ulrich1919
Date: Thu, 12 Sep 2024 08:05:22 +0000
Subject: [PATCH] Fixes #1713: ncm-ssh add ssh/sshd option GSSAPIKexAlgorithms to schema.pan
---
 ncm-ssh/src/main/pan/components/ssh/schema.pan | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ncm-ssh/src/main/pan/components/ssh/schema.pan b/ncm-ssh/src/main/pan/components/ssh/schema.pan
index 04f1b3e86b..45b4800298 100644
--- a/ncm-ssh/src/main/pan/components/ssh/schema.pan
+++ b/ncm-ssh/src/main/pan/components/ssh/schema.pan
@@ -24,6 +24,8 @@ type ssh_kbdinteractivedevices = string with match (SELF, "^(bsdauth|pam|skey)$"
 type ssh_kexalgorithms = string with match (SELF, "^(diffie-hellman-group-exchange-sha256|" +
 "ecdh-sha2-nistp(256|384|521)|curve25519-sha256@libssh.org)$");
 type ssh_MACs = string with is_valid_ssh_MAC(SELF);
+type ssh_gssapikexalgorithms = string with match (SELF, "^(gss-gex-sha1-|gss-group1-sha1-|" +
+ "gss-group14-sha1-|gss-group14-sha256-|gss-group16-sha512-|gss-nistp256-sha256-|gss-curve25519-sha256-)$");
 function is_valid_ssh_MAC = {
 match(ARGV[0], "^(hmac-(sha2-256|sha2-512|ripemd160)|(hmac-ripemd160|umac-64|umac-128|hmac-sha2-256-etm" +
@@ -73,6 +75,7 @@ type ssh_core_options_type = {
 "Compression" ? string with match (SELF, '^(yes|delayed|no)$')
 "GSSAPIAuthentication" ? legacy_binary_affirmation_string
 "GSSAPICleanupCredentials" ? legacy_binary_affirmation_string
+ "GSSAPIKexAlgorithms" ? ssh_gssapikexalgorithms[]
 "GSSAPIKeyExchange" ? legacy_binary_affirmation_string
 "GatewayPorts" ? legacy_binary_affirmation_string
 "HostbasedAuthentication" ? legacy_binary_affirmation_string
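Review bot: The new `ssh_gssapikexalgorithms` pattern accepts `gss-gex-sha1-`, `gss-group1-sha1-` and `gss-group14-sha1-`, whereas the `ssh_kexalgorithms` type just above it in the same hunk admits only SHA-2 and curve25519 exchanges. A profile can therefore enable SHA-1 based (and, for group1, 1024-bit) GSSAPI key exchange without the schema objecting. If those entries are kept for compatibility with older Kerberos peers, say so in a comment above the type, e.g. `# SHA-1 and group1 variants are accepted for legacy peers only; prefer the sha256/sha512 entries`. Otherwise narrow the pattern to `"^(gss-group14-sha256-|gss-group16-sha512-|gss-nistp256-sha256-|gss-curve25519-sha256-)$"`.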
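Review bot: The field `"GSSAPIKexAlgorithms" ? ssh_gssapikexalgorithms[]` added to `ssh_core_options_type` also validates for an empty list and for repeated entries, and how the component renders a list-valued option is not visible in this hunk. If an empty list would be written out as a bare `GSSAPIKexAlgorithms` line, a minimum-length constraint on the field would catch that at profile compile time. A short comment would help as well, e.g. `# only meaningful when GSSAPIKeyExchange is enabled`; as far as I know the option comes from the GSSAPI key-exchange patch set rather than stock OpenSSH, which is worth noting there too. The type body continues outside the hunk.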