src/usr.bin/ssh/gss-serv.c - diff

Return to gss-serv.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/gss-serv.c between version 1.8 and 1.8.2.2

version 1.8, 2005/08/30 22:08:05

version 1.8.2.2, 2006/10/06 03:19:32

Line 1

/* $OpenBSD$ */

Line 24

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include "includes.h"

#include <sys/types.h>

#ifdef GSSAPI

#include "bufaux.h"

#include <string.h>

#include "compat.h"

#include "xmalloc.h"

#include "buffer.h"

#include "key.h"

#include "hostfile.h"

#include "auth.h"

#include "log.h"

#include "channels.h"

#include "session.h"

#include "servconf.h"

#include "misc.h"

#include "monitor_wrap.h"

#include "xmalloc.h"

#include "getput.h"

#include "ssh-gss.h"

extern ServerOptions options;

static ssh_gssapi_client gssapi_client =

{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,

GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};

Line 61

Line 60

&gssapi_null_mech,

};

/* Unpriviledged */

/* Unprivileged */

void

ssh_gssapi_supported_oids(gss_OID_set *oidset)

{

Line 82

Line 81

&supported_mechs[i]->oid, oidset);

i++;

}

gss_release_oid_set(&min_status, &supported);

}

Line 90

Line 91

* oid

* credentials (from ssh_gssapi_acquire_cred)

/* Priviledged */

/* Privileged */

OM_uint32

ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,

gss_buffer_desc *send_tok, OM_uint32 *flags)

Line 138

Line 139

OM_uint32 offset;

OM_uint32 oidl;

tok=ename->value;

tok = ename->value;

* Check that ename is long enough for all of the fixed length

* header, and that the initial ID bytes are correct

if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0)

if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0)

return GSS_S_FAILURE;

Line 155

Line 156

* second without.

oidl = GET_16BIT(tok+2); /* length including next two bytes */

oidl = get_u16(tok+2); /* length including next two bytes */

oidl = oidl-2; /* turn it into the _real_ length of the variable OID */

Line 164

Line 165

if (tok[4] != 0x06 || tok[5] != oidl ||

ename->length < oidl+6 ||

!ssh_gssapi_check_oid(ctx,tok+6,oidl))

!ssh_gssapi_check_oid(ctx, tok+6, oidl))

return GSS_S_FAILURE;

offset = oidl+6;

Line 172

Line 173

if (ename->length < offset+4)

return GSS_S_FAILURE;

name->length = GET_32BIT(tok+offset);

name->length = get_u32(tok+offset);

offset += 4;

if (ename->length < offset+name->length)

return GSS_S_FAILURE;

name->value = xmalloc(name->length+1);

memcpy(name->value,tok+offset,name->length);

memcpy(name->value, tok+offset, name->length);

((char *)name->value)[name->length] = 0;

return GSS_S_COMPLETE;

Line 188

Line 189

/* Extract the client details from a given context. This can only reliably

* be called once for a context */

/* Priviledged (called from accept_secure_ctx) */

/* Privileged (called from accept_secure_ctx) */

OM_uint32

ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)

{

Line 238

Line 239

{

if (gssapi_client.store.filename != NULL) {

/* Unlink probably isn't sufficient */

debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename);

debug("removing gssapi cred file\"%s\"",

gssapi_client.store.filename);

unlink(gssapi_client.store.filename);

}

Line 263

Line 265

if (gssapi_client.store.envvar != NULL &&

gssapi_client.store.envval != NULL) {

debug("Setting %s to %s", gssapi_client.store.envvar,

gssapi_client.store.envval);

child_set_env(envp, envsizep, gssapi_client.store.envvar,

gssapi_client.store.envval);

}

/* Priviledged */

/* Privileged */

int

ssh_gssapi_userok(char *user)

{

Line 298

Line 299

return (0);

}

/* Priviledged */

/* Privileged */

OM_uint32

ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)

{