| version 1.29, 2018/07/31 03:10:27 |
version 1.30, 2020/10/18 11:32:01 |
|
|
| u_char *doid = NULL; |
u_char *doid = NULL; |
| |
|
| if ((r = sshpkt_get_u32(ssh, &mechs)) != 0) |
if ((r = sshpkt_get_u32(ssh, &mechs)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
| |
|
| if (mechs == 0) { |
if (mechs == 0) { |
| debug("Mechanism negotiation is not supported"); |
debug("Mechanism negotiation is not supported"); |
|
|
| |
|
| present = 0; |
present = 0; |
| if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0) |
if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse oid"); |
| |
|
| if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && |
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && |
| doid[1] == len - 2) { |
doid[1] == len - 2) { |
|
|
| } |
} |
| |
|
| if (!authctxt->valid || authctxt->user == NULL) { |
if (!authctxt->valid || authctxt->user == NULL) { |
| debug2("%s: disabled because of invalid user", __func__); |
debug2_f("disabled because of invalid user"); |
| free(doid); |
free(doid); |
| return (0); |
return (0); |
| } |
} |
|
|
| if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 || |
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 || |
| (r = sshpkt_put_string(ssh, doid, len)) != 0 || |
(r = sshpkt_put_string(ssh, doid, len)) != 0 || |
| (r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "send packet"); |
| |
|
| free(doid); |
free(doid); |
| |
|
|
|
| gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
| if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
| (r = sshpkt_get_end(ssh)) != 0) |
(r = sshpkt_get_end(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
| |
|
| recv_tok.value = p; |
recv_tok.value = p; |
| recv_tok.length = len; |
recv_tok.length = len; |
|
|
| (r = sshpkt_put_string(ssh, send_tok.value, |
(r = sshpkt_put_string(ssh, send_tok.value, |
| send_tok.length)) != 0 || |
send_tok.length)) != 0 || |
| (r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "send ERRTOK packet"); |
| } |
} |
| authctxt->postponed = 0; |
authctxt->postponed = 0; |
| ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
|
|
| (r = sshpkt_put_string(ssh, send_tok.value, |
(r = sshpkt_put_string(ssh, send_tok.value, |
| send_tok.length)) != 0 || |
send_tok.length)) != 0 || |
| (r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "send TOKEN packet"); |
| } |
} |
| if (maj_status == GSS_S_COMPLETE) { |
if (maj_status == GSS_S_COMPLETE) { |
| ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
|
|
| gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
| if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || |
| (r = sshpkt_get_end(ssh)) != 0) |
(r = sshpkt_get_end(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
| recv_tok.value = p; |
recv_tok.value = p; |
| recv_tok.length = len; |
recv_tok.length = len; |
| |
|
|
|
| */ |
*/ |
| |
|
| if ((r = sshpkt_get_end(ssh)) != 0) |
if ((r = sshpkt_get_end(ssh)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
| |
|
| authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
| |
|
|
|
| gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
| |
|
| if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) |
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) |
| fatal("%s: %s", __func__, ssh_err(r)); |
fatal_fr(r, "parse packet"); |
| if ((b = sshbuf_new()) == NULL) |
if ((b = sshbuf_new()) == NULL) |
| fatal("%s: sshbuf_new failed", __func__); |
fatal_f("sshbuf_new failed"); |
| mic.value = p; |
mic.value = p; |
| mic.length = len; |
mic.length = len; |
| ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, |
ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, |
| "gssapi-with-mic"); |
"gssapi-with-mic"); |
| |
|
| if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) |
if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) |
| fatal("%s: sshbuf_mutable_ptr failed", __func__); |
fatal_f("sshbuf_mutable_ptr failed"); |
| gssbuf.length = sshbuf_len(b); |
gssbuf.length = sshbuf_len(b); |
| |
|
| if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2-gss.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh