=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/gss-genr.c,v retrieving revision 1.4.2.2 retrieving revision 1.5 diff -u -r1.4.2.2 -r1.5 --- src/usr.bin/ssh/gss-genr.c 2006/10/06 03:19:32 1.4.2.2 +++ src/usr.bin/ssh/gss-genr.c 2005/10/13 14:03:01 1.5 @@ -1,7 +1,7 @@ -/* $OpenBSD: gss-genr.c,v 1.4.2.2 2006/10/06 03:19:32 brad Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.5 2005/10/13 14:03:01 stevesk Exp $ */ /* - * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. + * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -24,15 +24,12 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "includes.h" + #ifdef GSSAPI -#include - -#include -#include - #include "xmalloc.h" -#include "buffer.h" +#include "bufaux.h" #include "log.h" #include "ssh2.h" @@ -75,11 +72,7 @@ void ssh_gssapi_error(Gssctxt *ctxt) { - char *s; - - s = ssh_gssapi_last_error(ctxt, NULL, NULL); - debug("%s", s); - xfree(s); + debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL)); } char * @@ -138,7 +131,9 @@ void ssh_gssapi_build_ctx(Gssctxt **ctx) { - *ctx = xcalloc(1, sizeof (Gssctxt)); + *ctx = xmalloc(sizeof (Gssctxt)); + (*ctx)->major = 0; + (*ctx)->minor = 0; (*ctx)->context = GSS_C_NO_CONTEXT; (*ctx)->name = GSS_C_NO_NAME; (*ctx)->oid = GSS_C_NO_OID; @@ -208,11 +203,10 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) { gss_buffer_desc gssbuf; - char *val; - xasprintf(&val, "host@%s", host); - gssbuf.value = val; - gssbuf.length = strlen(gssbuf.value); + gssbuf.length = sizeof("host@") + strlen(host); + gssbuf.value = xmalloc(gssbuf.length); + snprintf(gssbuf.value, gssbuf.length, "host@%s", host); if ((ctx->major = gss_import_name(&ctx->minor, &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) @@ -237,15 +231,11 @@ gss_create_empty_oid_set(&status, &oidset); gss_add_oid_set_member(&status, ctx->oid, &oidset); - if (gethostname(lname, MAXHOSTNAMELEN)) { - gss_release_oid_set(&status, &oidset); + if (gethostname(lname, MAXHOSTNAMELEN)) return (-1); - } - if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { - gss_release_oid_set(&status, &oidset); + if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) return (ctx->major); - } if ((ctx->major = gss_acquire_cred(&ctx->minor, ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) @@ -278,43 +268,12 @@ } OM_uint32 -ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) -{ +ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) { if (*ctx) ssh_gssapi_delete_ctx(ctx); ssh_gssapi_build_ctx(ctx); ssh_gssapi_set_oid(*ctx, oid); return (ssh_gssapi_acquire_cred(*ctx)); -} - -int -ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) -{ - gss_buffer_desc token = GSS_C_EMPTY_BUFFER; - OM_uint32 major, minor; - gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; - - /* RFC 4462 says we MUST NOT do SPNEGO */ - if (oid->length == spnego_oid.length && - (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) - return 0; /* false */ - - ssh_gssapi_build_ctx(ctx); - ssh_gssapi_set_oid(*ctx, oid); - major = ssh_gssapi_import_name(*ctx, host); - if (!GSS_ERROR(major)) { - major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, - NULL); - gss_release_buffer(&minor, &token); - if ((*ctx)->context != GSS_C_NO_CONTEXT) - gss_delete_sec_context(&minor, &(*ctx)->context, - GSS_C_NO_BUFFER); - } - - if (GSS_ERROR(major)) - ssh_gssapi_delete_ctx(ctx); - - return (!GSS_ERROR(major)); } #endif /* GSSAPI */