=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/gss-serv.c,v retrieving revision 1.5.6.2 retrieving revision 1.6 diff -u -r1.5.6.2 -r1.6 --- src/usr.bin/ssh/gss-serv.c 2006/02/03 02:53:44 1.5.6.2 +++ src/usr.bin/ssh/gss-serv.c 2005/06/17 02:44:32 1.6 @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.5.6.2 2006/02/03 02:53:44 brad Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.6 2005/06/17 02:44:32 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -29,16 +29,20 @@ #ifdef GSSAPI #include "bufaux.h" +#include "compat.h" #include "auth.h" #include "log.h" #include "channels.h" #include "session.h" #include "servconf.h" +#include "monitor_wrap.h" #include "xmalloc.h" #include "getput.h" #include "ssh-gss.h" +extern ServerOptions options; + static ssh_gssapi_client gssapi_client = { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; @@ -57,7 +61,7 @@ &gssapi_null_mech, }; -/* Unprivileged */ +/* Unpriviledged */ void ssh_gssapi_supported_oids(gss_OID_set *oidset) { @@ -86,7 +90,7 @@ * oid * credentials (from ssh_gssapi_acquire_cred) */ -/* Privileged */ +/* Priviledged */ OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags) @@ -134,14 +138,14 @@ OM_uint32 offset; OM_uint32 oidl; - tok = ename->value; + tok=ename->value; /* * Check that ename is long enough for all of the fixed length * header, and that the initial ID bytes are correct */ - if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0) + if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0) return GSS_S_FAILURE; /* @@ -160,7 +164,7 @@ */ if (tok[4] != 0x06 || tok[5] != oidl || ename->length < oidl+6 || - !ssh_gssapi_check_oid(ctx, tok+6, oidl)) + !ssh_gssapi_check_oid(ctx,tok+6,oidl)) return GSS_S_FAILURE; offset = oidl+6; 
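Review bot: The privilege markers on the new side are misspelled: `/* Unpriviledged */` above ssh_gssapi_supported_oids and `/* Priviledged */` above ssh_gssapi_accept_ctx, and again above ssh_gssapi_getclient, ssh_gssapi_userok and ssh_gssapi_checkmic in the later hunks. These comments appear to record which side of the privilege boundary each function runs on, so a search for `Privileged` during an audit of that boundary would miss every one of them. Spell them `/* Unprivileged */` and `/* Privileged */`. The bodies of the annotated functions lie outside these hunks.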
@@ -175,7 +179,7 @@ return GSS_S_FAILURE; name->value = xmalloc(name->length+1); - memcpy(name->value, tok+offset,name->length); + memcpy(name->value,tok+offset,name->length); ((char *)name->value)[name->length] = 0; return GSS_S_COMPLETE; @@ -184,7 +188,7 @@ /* Extract the client details from a given context. This can only reliably * be called once for a context */ -/* Privileged (called from accept_secure_ctx) */ +/* Priviledged (called from accept_secure_ctx) */ OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) { @@ -259,41 +263,31 @@ if (gssapi_client.store.envvar != NULL && gssapi_client.store.envval != NULL) { + debug("Setting %s to %s", gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); child_set_env(envp, envsizep, gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); } } -/* Privileged */ +/* Priviledged */ int ssh_gssapi_userok(char *user) { - OM_uint32 lmin; - if (gssapi_client.exportedname.length == 0 || gssapi_client.exportedname.value == NULL) { debug("No suitable client data"); return 0; } if (gssapi_client.mech && gssapi_client.mech->userok) - if ((*gssapi_client.mech->userok)(&gssapi_client, user)) - return 1; - else { - /* Destroy delegated credentials if userok fails */ - gss_release_buffer(&lmin, &gssapi_client.displayname); - gss_release_buffer(&lmin, &gssapi_client.exportedname); - gss_release_cred(&lmin, &gssapi_client.creds); - memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); - return 0; - } + return ((*gssapi_client.mech->userok)(&gssapi_client, user)); else debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); return (0); } -/* Privileged */ +/* Priviledged */ OM_uint32 ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) {
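Review bot: On the new side ssh_gssapi_userok() returns the mechanism's userok result directly, so when that check fails the delegated credentials, display name and exported name stay in the static gssapi_client. The same hunk shows gssapi_client.store being exported into the session environment with child_set_env, so if the connection later authenticates by another method the retained credentials could presumably still reach that session; the code that stores them is outside this hunk, so confirm against it. The failure branch should release the two buffers and the credential and zero the struct before returning 0, as the 1.5.6.2 side of this comparison does (that side carries the later date, 2006/02/03 against 2005/06/17). A braced form of the function body follows.

```c
ssh_gssapi_userok(char *user)
{
	OM_uint32 lmin;

	/* … unchanged: "No suitable client data" check … */
	if (gssapi_client.mech && gssapi_client.mech->userok) {
		if ((*gssapi_client.mech->userok)(&gssapi_client, user))
			return 1;
		/* Refused: do not keep delegated credentials for this client */
		gss_release_buffer(&lmin, &gssapi_client.displayname);
		gss_release_buffer(&lmin, &gssapi_client.exportedname);
		gss_release_cred(&lmin, &gssapi_client.creds);
		memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
		return 0;
	}
	/* … unchanged: "Unknown GSSAPI mechanism" debug and return (0) … */
```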