version 1.29, 2018/07/31 03:10:27 |
version 1.30, 2020/10/18 11:32:01 |
|
|
u_char *doid = NULL; |
u_char *doid = NULL; |
|
|
if ((r = sshpkt_get_u32(ssh, &mechs)) != 0) |
if ((r = sshpkt_get_u32(ssh, &mechs)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
|
|
if (mechs == 0) { |
if (mechs == 0) { |
debug("Mechanism negotiation is not supported"); |
debug("Mechanism negotiation is not supported"); |
|
|
|
|
present = 0; |
present = 0; |
if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0) |
if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse oid"); |
|
|
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && |
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && |
doid[1] == len - 2) { |
doid[1] == len - 2) { |
|
|
} |
} |
|
|
if (!authctxt->valid || authctxt->user == NULL) { |
if (!authctxt->valid || authctxt->user == NULL) { |
debug2("%s: disabled because of invalid user", __func__); |
debug2_f("disabled because of invalid user"); |
free(doid); |
free(doid); |
return (0); |
return (0); |
} |
} |
|
|
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 || |
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 || |
(r = sshpkt_put_string(ssh, doid, len)) != 0 || |
(r = sshpkt_put_string(ssh, doid, len)) != 0 || |
(r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "send packet"); |
|
|
free(doid); |
free(doid); |
|
|
|
|
gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
(r = sshpkt_get_end(ssh)) != 0) |
(r = sshpkt_get_end(ssh)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
|
|
recv_tok.value = p; |
recv_tok.value = p; |
recv_tok.length = len; |
recv_tok.length = len; |
|
|
(r = sshpkt_put_string(ssh, send_tok.value, |
(r = sshpkt_put_string(ssh, send_tok.value, |
send_tok.length)) != 0 || |
send_tok.length)) != 0 || |
(r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "send ERRTOK packet"); |
} |
} |
authctxt->postponed = 0; |
authctxt->postponed = 0; |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
|
|
(r = sshpkt_put_string(ssh, send_tok.value, |
(r = sshpkt_put_string(ssh, send_tok.value, |
send_tok.length)) != 0 || |
send_tok.length)) != 0 || |
(r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "send TOKEN packet"); |
} |
} |
if (maj_status == GSS_S_COMPLETE) { |
if (maj_status == GSS_S_COMPLETE) { |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
|
|
gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
(r = sshpkt_get_end(ssh)) != 0) |
(r = sshpkt_get_end(ssh)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
recv_tok.value = p; |
recv_tok.value = p; |
recv_tok.length = len; |
recv_tok.length = len; |
|
|
|
|
*/ |
*/ |
|
|
if ((r = sshpkt_get_end(ssh)) != 0) |
if ((r = sshpkt_get_end(ssh)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
|
|
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
|
|
|
|
gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
|
|
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) |
fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
if ((b = sshbuf_new()) == NULL) |
if ((b = sshbuf_new()) == NULL) |
fatal("%s: sshbuf_new failed", __func__); |
fatal_f("sshbuf_new failed"); |
mic.value = p; |
mic.value = p; |
mic.length = len; |
mic.length = len; |
ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, |
ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, |
"gssapi-with-mic"); |
"gssapi-with-mic"); |
|
|
if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) |
if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) |
fatal("%s: sshbuf_mutable_ptr failed", __func__); |
fatal_f("sshbuf_mutable_ptr failed"); |
gssbuf.length = sshbuf_len(b); |
gssbuf.length = sshbuf_len(b); |
|
|
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
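Review bot: In the last hunk (the handler that builds the "gssapi-with-mic" buffer and calls ssh_gssapi_checkmic), the MIC is read with `sshpkt_get_string(ssh, &p, &len)` alone, so trailing bytes after the MIC are not rejected at this point. The token and errtok handlers earlier in the same file chain `(r = sshpkt_get_end(ssh)) != 0` onto the read, and the exchange-complete handler calls it on its own. For consistent strict parsing of this pre-authentication message, the condition could become `if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || (r = sshpkt_get_end(ssh)) != 0)`, keeping `fatal_fr(r, "parse packet");` as is. The function starts and ends outside the visible context, so an end-of-packet check may already exist further down; this is worth confirming before changing it.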