src/usr.bin/ssh/auth2-gss.c - diff

Return to auth2-gss.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/auth2-gss.c between version 1.5 and 1.6

version 1.5, 2003/11/02 11:01:03

version 1.6, 2003/11/17 11:06:07

Line 43

extern ServerOptions options;

static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);

static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);

static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);

static void input_gssapi_errtok(int, u_int32_t, void *);

Line 129

Line 130

Gssctxt *gssctxt;

gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;

gss_buffer_desc recv_tok;

OM_uint32 maj_status, min_status;

OM_uint32 maj_status, min_status, flags;

u_int len;

if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))

Line 142

Line 143

packet_check_eom();

maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,

&send_tok, NULL));

&send_tok, &flags));

xfree(recv_tok.value);

Line 154

Line 155

}

authctxt->postponed = 0;

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);

userauth_finish(authctxt, 0, "gssapi");

userauth_finish(authctxt, 0, "gssapi-with-mic");

} else {

if (send_tok.length != 0) {

packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);

Line 163

Line 164

}

if (maj_status == GSS_S_COMPLETE) {

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,

if (flags & GSS_C_INTEG_FLAG)

&input_gssapi_exchange_complete);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,

&input_gssapi_mic);

else

dispatch_set(

SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,

&input_gssapi_exchange_complete);

}

Line 224

Line 230

gssctxt = authctxt->methoddata;

* We don't need to check the status, because the stored credentials

* We don't need to check the status, because we're only enabled in

* which userok uses are only populated once the context init step

* the dispatcher once the exchange is complete

* has returned complete.

packet_check_eom();

Line 236

Line 241

authctxt->postponed = 0;

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);

userauth_finish(authctxt, authenticated, "gssapi");

userauth_finish(authctxt, authenticated, "gssapi-with-mic");

}

static void

input_gssapi_mic(int type, u_int32_t plen, void *ctxt)

{

Authctxt *authctxt = ctxt;

Gssctxt *gssctxt;

int authenticated = 0;

Buffer b;

gss_buffer_desc mic, gssbuf;

u_int len;

if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))

fatal("No authentication or GSSAPI context");

gssctxt = authctxt->methoddata;

mic.value = packet_get_string(&len);

mic.length = len;

ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,

"gssapi-with-mic");

gssbuf.value = buffer_ptr(&b);

gssbuf.length = buffer_len(&b);

if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))

authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));

else

logit("GSSAPI MIC check failed");

buffer_free(&b);

xfree(mic.value);

authctxt->postponed = 0;

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);

dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);

userauth_finish(authctxt, authenticated, "gssapi-with-mic");

}

Authmethod method_gssapi = {

"gssapi",

"gssapi-with-mic",

userauth_gssapi,

&options.gss_authentication

};