version 1.34, 2023/03/31 04:22:27 |
version 1.35, 2024/05/17 00:30:23 |
|
|
#define SSH_GSSAPI_MAX_MECHS 2048 |
#define SSH_GSSAPI_MAX_MECHS 2048 |
|
|
extern ServerOptions options; |
extern ServerOptions options; |
|
extern struct authmethod_cfg methodcfg_gssapi; |
|
|
static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh); |
static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh); |
static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); |
static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); |
|
|
return (0); |
return (0); |
} |
} |
|
|
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { |
if (GSS_ERROR(mm_ssh_gssapi_server_ctx(&ctxt, &goid))) { |
if (ctxt != NULL) |
if (ctxt != NULL) |
ssh_gssapi_delete_ctx(&ctxt); |
ssh_gssapi_delete_ctx(&ctxt); |
free(doid); |
free(doid); |
|
|
size_t len; |
size_t len; |
int r; |
int r; |
|
|
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
|
|
gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
|
|
|
|
recv_tok.value = p; |
recv_tok.value = p; |
recv_tok.length = len; |
recv_tok.length = len; |
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
&send_tok, &flags)); |
&send_tok, &flags); |
|
|
free(p); |
free(p); |
|
|
|
|
u_char *p; |
u_char *p; |
size_t len; |
size_t len; |
|
|
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
|
|
gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
|
|
recv_tok.length = len; |
recv_tok.length = len; |
|
|
/* Push the error token into GSSAPI to see what it says */ |
/* Push the error token into GSSAPI to see what it says */ |
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
&send_tok, NULL)); |
&send_tok, NULL); |
|
|
free(recv_tok.value); |
free(recv_tok.value); |
|
|
|
|
int r, authenticated; |
int r, authenticated; |
const char *displayname; |
const char *displayname; |
|
|
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
|
|
/* |
/* |
|
|
if ((r = sshpkt_get_end(ssh)) != 0) |
if ((r = sshpkt_get_end(ssh)) != 0) |
fatal_fr(r, "parse packet"); |
fatal_fr(r, "parse packet"); |
|
|
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
authenticated = mm_ssh_gssapi_userok(authctxt->user); |
|
|
if ((!use_privsep || mm_is_monitor()) && |
|
(displayname = ssh_gssapi_displayname()) != NULL) |
|
auth2_record_info(authctxt, "%s", displayname); |
|
|
|
authctxt->postponed = 0; |
authctxt->postponed = 0; |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
|
|
u_char *p; |
u_char *p; |
size_t len; |
size_t len; |
|
|
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
if (authctxt == NULL) |
fatal("No authentication or GSSAPI context"); |
fatal("No authentication or GSSAPI context"); |
|
|
gssctxt = authctxt->methoddata; |
gssctxt = authctxt->methoddata; |
|
|
fatal_f("sshbuf_mutable_ptr failed"); |
fatal_f("sshbuf_mutable_ptr failed"); |
gssbuf.length = sshbuf_len(b); |
gssbuf.length = sshbuf_len(b); |
|
|
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
if (!GSS_ERROR(mm_ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))) |
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
authenticated = mm_ssh_gssapi_userok(authctxt->user); |
else |
else |
logit("GSSAPI MIC check failed"); |
logit("GSSAPI MIC check failed"); |
|
|
sshbuf_free(b); |
sshbuf_free(b); |
free(mic.value); |
free(mic.value); |
|
|
if ((!use_privsep || mm_is_monitor()) && |
|
(displayname = ssh_gssapi_displayname()) != NULL) |
|
auth2_record_info(authctxt, "%s", displayname); |
|
|
|
authctxt->postponed = 0; |
authctxt->postponed = 0; |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
|
|
} |
} |
|
|
Authmethod method_gssapi = { |
Authmethod method_gssapi = { |
"gssapi-with-mic", |
&methodcfg_gssapi, |
NULL, |
|
userauth_gssapi, |
userauth_gssapi, |
&options.gss_authentication |
|
}; |
}; |
#endif |
#endif |
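Review bot: With both `auth2_record_info(authctxt, "%s", displayname)` calls removed after `mm_ssh_gssapi_userok()`, the `const char *displayname;` declaration still shown on both sides of the exchange-complete hunk looks unused in the new version and can be dropped; the matching declaration for the MIC handler is not visible on this page. The same removal means this file no longer records the GSSAPI display name for the authenticated user, so it is worth confirming that the monitor side of `mm_ssh_gssapi_userok()` still calls `auth2_record_info`. Otherwise the principal name is lost from the recorded authentication info. Separately, the guard is now just `if (authctxt == NULL)` while the message still reads "No authentication or GSSAPI context", and `gssctxt = authctxt->methoddata` is passed to the `mm_` wrappers unchecked; a comment such as `/* methoddata may be NULL here; the GSSAPI context is presumably held by the monitor */` would show that this is intentional. The enclosing functions begin and end outside the visible hunks.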