| version 1.34, 2023/03/31 04:22:27 |
version 1.35, 2024/05/17 00:30:23 |
|
|
| #define SSH_GSSAPI_MAX_MECHS 2048 |
#define SSH_GSSAPI_MAX_MECHS 2048 |
| |
|
| extern ServerOptions options; |
extern ServerOptions options; |
| |
extern struct authmethod_cfg methodcfg_gssapi; |
| |
|
| static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh); |
static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh); |
| static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); |
static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); |
|
|
| return (0); |
return (0); |
| } |
} |
| |
|
| if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { |
if (GSS_ERROR(mm_ssh_gssapi_server_ctx(&ctxt, &goid))) { |
| if (ctxt != NULL) |
if (ctxt != NULL) |
| ssh_gssapi_delete_ctx(&ctxt); |
ssh_gssapi_delete_ctx(&ctxt); |
| free(doid); |
free(doid); |
|
|
| size_t len; |
size_t len; |
| int r; |
int r; |
| |
|
| if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
| fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
| |
|
| gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
|
|
| |
|
| recv_tok.value = p; |
recv_tok.value = p; |
| recv_tok.length = len; |
recv_tok.length = len; |
| maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
| &send_tok, &flags)); |
&send_tok, &flags); |
| |
|
| free(p); |
free(p); |
| |
|
|
|
| u_char *p; |
u_char *p; |
| size_t len; |
size_t len; |
| |
|
| if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
| fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
| |
|
| gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
|
|
| recv_tok.length = len; |
recv_tok.length = len; |
| |
|
| /* Push the error token into GSSAPI to see what it says */ |
/* Push the error token into GSSAPI to see what it says */ |
| maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
| &send_tok, NULL)); |
&send_tok, NULL); |
| |
|
| free(recv_tok.value); |
free(recv_tok.value); |
| |
|
|
|
| int r, authenticated; |
int r, authenticated; |
| const char *displayname; |
const char *displayname; |
| |
|
| if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
| fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
| |
|
| /* |
/* |
|
|
| if ((r = sshpkt_get_end(ssh)) != 0) |
if ((r = sshpkt_get_end(ssh)) != 0) |
| fatal_fr(r, "parse packet"); |
fatal_fr(r, "parse packet"); |
| |
|
| authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
authenticated = mm_ssh_gssapi_userok(authctxt->user); |
| |
|
| if ((!use_privsep || mm_is_monitor()) && |
|
| (displayname = ssh_gssapi_displayname()) != NULL) |
|
| auth2_record_info(authctxt, "%s", displayname); |
|
| |
|
| authctxt->postponed = 0; |
authctxt->postponed = 0; |
| ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
|
|
| u_char *p; |
u_char *p; |
| size_t len; |
size_t len; |
| |
|
| if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
| fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
| |
|
| gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
|
|
| fatal_f("sshbuf_mutable_ptr failed"); |
fatal_f("sshbuf_mutable_ptr failed"); |
| gssbuf.length = sshbuf_len(b); |
gssbuf.length = sshbuf_len(b); |
| |
|
| if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
if (!GSS_ERROR(mm_ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))) |
| authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
authenticated = mm_ssh_gssapi_userok(authctxt->user); |
| else |
else |
| logit("GSSAPI MIC check failed"); |
logit("GSSAPI MIC check failed"); |
| |
|
| sshbuf_free(b); |
sshbuf_free(b); |
| free(mic.value); |
free(mic.value); |
| |
|
| if ((!use_privsep || mm_is_monitor()) && |
|
| (displayname = ssh_gssapi_displayname()) != NULL) |
|
| auth2_record_info(authctxt, "%s", displayname); |
|
| |
|
| authctxt->postponed = 0; |
authctxt->postponed = 0; |
| ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
|
|
| } |
} |
| |
|
| Authmethod method_gssapi = { |
Authmethod method_gssapi = { |
| "gssapi-with-mic", |
&methodcfg_gssapi, |
| NULL, |
|
| userauth_gssapi, |
userauth_gssapi, |
| &options.gss_authentication |
|
| }; |
}; |
| #endif |
#endif |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth2-gss.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh