version 1.24, 2017/05/30 14:23:52 |
version 1.25, 2017/05/30 14:29:59 |
|
|
* how to check local user kuserok and the like) |
* how to check local user kuserok and the like) |
*/ |
*/ |
static int |
static int |
userauth_gssapi(Authctxt *authctxt) |
userauth_gssapi(struct ssh *ssh) |
{ |
{ |
|
Authctxt *authctxt = ssh->authctxt; |
gss_OID_desc goid = {0, NULL}; |
gss_OID_desc goid = {0, NULL}; |
Gssctxt *ctxt = NULL; |
Gssctxt *ctxt = NULL; |
int mechs; |
int mechs; |
|
|
packet_send(); |
packet_send(); |
free(doid); |
free(doid); |
|
|
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); |
authctxt->postponed = 1; |
authctxt->postponed = 1; |
|
|
return (0); |
return (0); |
|
|
packet_send(); |
packet_send(); |
} |
} |
authctxt->postponed = 0; |
authctxt->postponed = 0; |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
userauth_finish(authctxt, 0, "gssapi-with-mic", NULL); |
userauth_finish(ssh, 0, "gssapi-with-mic", NULL); |
} else { |
} else { |
if (send_tok.length != 0) { |
if (send_tok.length != 0) { |
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); |
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); |
|
|
packet_send(); |
packet_send(); |
} |
} |
if (maj_status == GSS_S_COMPLETE) { |
if (maj_status == GSS_S_COMPLETE) { |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
if (flags & GSS_C_INTEG_FLAG) |
if (flags & GSS_C_INTEG_FLAG) |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, |
&input_gssapi_mic); |
&input_gssapi_mic); |
else |
else |
dispatch_set( |
ssh_dispatch_set(ssh, |
SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, |
SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, |
&input_gssapi_exchange_complete); |
&input_gssapi_exchange_complete); |
} |
} |
|
|
free(recv_tok.value); |
free(recv_tok.value); |
|
|
/* We can't return anything to the client, even if we wanted to */ |
/* We can't return anything to the client, even if we wanted to */ |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
|
|
/* The client will have already moved on to the next auth */ |
/* The client will have already moved on to the next auth */ |
|
|
|
|
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
|
|
authctxt->postponed = 0; |
authctxt->postponed = 0; |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); |
userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); |
userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL); |
return 0; |
return 0; |
} |
} |
|
|
|
|
free(mic.value); |
free(mic.value); |
|
|
authctxt->postponed = 0; |
authctxt->postponed = 0; |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); |
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); |
userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); |
userauth_finish(ssh, authenticated, "gssapi-with-mic", NULL); |
return 0; |
return 0; |
} |
} |
|
|
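Review bot: The error branch that ends in `userauth_finish(ssh, 0, "gssapi-with-mic", NULL)` resets only the SSH2_MSG_USERAUTH_GSSAPI_TOKEN handler, so the SSH2_MSG_USERAUTH_GSSAPI_ERRTOK handler installed in userauth_gssapi() appears to stay registered after the method has already failed. The two later completion paths clear all four GSSAPI handlers before calling userauth_finish(); the failure branch should match them, at least by adding `ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);` next to the TOKEN reset. Only fragments of these functions are visible on this page, so confirm that nothing outside the shown lines already clears it. Leaving a handler from a finished method in the authentication dispatch table means that message type is still accepted after the method ended, which is worth closing off even if the handler itself is harmless.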