
Diff for /src/usr.bin/ssh/gss-genr.c between version 1.4.2.2 and 1.5

version 1.4.2.2, 2006/10/06 03:19:32 version 1.5, 2005/10/13 14:03:01
Line 1 
Line 1 
 /* $OpenBSD$ */  /*      $OpenBSD$       */
   
 /*  /*
  * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.   * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
  *   *
  * Redistribution and use in source and binary forms, with or without   * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions   * modification, are permitted provided that the following conditions
Line 24 
Line 24 
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.   * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */   */
   
   #include "includes.h"
   
 #ifdef GSSAPI  #ifdef GSSAPI
   
 #include <sys/param.h>  
   
 #include <string.h>  
 #include <stdarg.h>  
   
 #include "xmalloc.h"  #include "xmalloc.h"
 #include "buffer.h"  #include "bufaux.h"
 #include "log.h"  #include "log.h"
 #include "ssh2.h"  #include "ssh2.h"
   
Line 75 
Line 72 
 void  void
 ssh_gssapi_error(Gssctxt *ctxt)  ssh_gssapi_error(Gssctxt *ctxt)
 {  {
         char *s;          debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL));
   
         s = ssh_gssapi_last_error(ctxt, NULL, NULL);  
         debug("%s", s);  
         xfree(s);  
 }  }
   
 char *  char *
Line 138 
Line 131 
 void  void
 ssh_gssapi_build_ctx(Gssctxt **ctx)  ssh_gssapi_build_ctx(Gssctxt **ctx)
 {  {
         *ctx = xcalloc(1, sizeof (Gssctxt));          *ctx = xmalloc(sizeof (Gssctxt));
           (*ctx)->major = 0;
           (*ctx)->minor = 0;
         (*ctx)->context = GSS_C_NO_CONTEXT;          (*ctx)->context = GSS_C_NO_CONTEXT;
         (*ctx)->name = GSS_C_NO_NAME;          (*ctx)->name = GSS_C_NO_NAME;
         (*ctx)->oid = GSS_C_NO_OID;          (*ctx)->oid = GSS_C_NO_OID;
Line 208 
Line 203 
 ssh_gssapi_import_name(Gssctxt *ctx, const char *host)  ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
 {  {
         gss_buffer_desc gssbuf;          gss_buffer_desc gssbuf;
         char *val;  
   
         xasprintf(&val, "host@%s", host);          gssbuf.length = sizeof("host@") + strlen(host);
         gssbuf.value = val;          gssbuf.value = xmalloc(gssbuf.length);
         gssbuf.length = strlen(gssbuf.value);          snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
   
         if ((ctx->major = gss_import_name(&ctx->minor,          if ((ctx->major = gss_import_name(&ctx->minor,
             &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))              &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
Line 237 
Line 231 
         gss_create_empty_oid_set(&status, &oidset);          gss_create_empty_oid_set(&status, &oidset);
         gss_add_oid_set_member(&status, ctx->oid, &oidset);          gss_add_oid_set_member(&status, ctx->oid, &oidset);
   
         if (gethostname(lname, MAXHOSTNAMELEN)) {          if (gethostname(lname, MAXHOSTNAMELEN))
                 gss_release_oid_set(&status, &oidset);  
                 return (-1);                  return (-1);
         }  
   
         if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {          if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
                 gss_release_oid_set(&status, &oidset);  
                 return (ctx->major);                  return (ctx->major);
         }  
   
         if ((ctx->major = gss_acquire_cred(&ctx->minor,          if ((ctx->major = gss_acquire_cred(&ctx->minor,
             ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))              ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
Line 278 
Line 268 
 }  }
   
 OM_uint32  OM_uint32
 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)  ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
 {  
         if (*ctx)          if (*ctx)
                 ssh_gssapi_delete_ctx(ctx);                  ssh_gssapi_delete_ctx(ctx);
         ssh_gssapi_build_ctx(ctx);          ssh_gssapi_build_ctx(ctx);
         ssh_gssapi_set_oid(*ctx, oid);          ssh_gssapi_set_oid(*ctx, oid);
         return (ssh_gssapi_acquire_cred(*ctx));          return (ssh_gssapi_acquire_cred(*ctx));
 }  
   
 int  
 ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)  
 {  
         gss_buffer_desc token = GSS_C_EMPTY_BUFFER;  
         OM_uint32 major, minor;  
         gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};  
   
         /* RFC 4462 says we MUST NOT do SPNEGO */  
         if (oid->length == spnego_oid.length &&  
             (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0))  
                 return 0; /* false */  
   
         ssh_gssapi_build_ctx(ctx);  
         ssh_gssapi_set_oid(*ctx, oid);  
         major = ssh_gssapi_import_name(*ctx, host);  
         if (!GSS_ERROR(major)) {  
                 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,  
                     NULL);  
                 gss_release_buffer(&minor, &token);  
                 if ((*ctx)->context != GSS_C_NO_CONTEXT)  
                         gss_delete_sec_context(&minor, &(*ctx)->context,  
                             GSS_C_NO_BUFFER);  
         }  
   
         if (GSS_ERROR(major))  
                 ssh_gssapi_delete_ctx(ctx);  
   
         return (!GSS_ERROR(major));  
 }  }
   
 #endif /* GSSAPI */  #endif /* GSSAPI */
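Review bot: In the 1.5 column of ssh_gssapi_acquire_cred, both early returns (after `gethostname(lname, MAXHOSTNAMELEN)` fails and after `ssh_gssapi_import_name(ctx, lname)` reports an error) exit without releasing the OID set built by `gss_create_empty_oid_set` and `gss_add_oid_set_member` just above, so every failed call leaks it. Each branch should be braced and call `gss_release_oid_set(&status, &oidset);` before its `return`, as the 1.4.2.2 column does. The 1.5 body of ssh_gssapi_error has the same missing-release shape: it passes the result of `ssh_gssapi_last_error(ctxt, NULL, NULL)` straight to `debug()` and never frees it, while the other column keeps the pointer and calls `xfree(s)`, which suggests the string is heap-allocated. The header dates (2006/10/06 for 1.4.2.2, 2005/10/13 for 1.5) suggest the 1.4.2.2 column is the later code, so anyone taking the 1.5 text as a base should carry these releases over. ssh_gssapi_acquire_cred starts and ends outside the lines shown, so the declarations of `lname`, `oidset` and `status` and the remaining exit paths could not be checked.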
