=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/gss-serv.c,v retrieving revision 1.8 retrieving revision 1.8.2.2 diff -u -r1.8 -r1.8.2.2 --- src/usr.bin/ssh/gss-serv.c 2005/08/30 22:08:05 1.8 +++ src/usr.bin/ssh/gss-serv.c 2006/10/06 03:19:32 1.8.2.2 @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.8.2.2 2006/10/06 03:19:32 brad Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -24,25 +24,24 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "includes.h" +#include #ifdef GSSAPI -#include "bufaux.h" -#include "compat.h" +#include + +#include "xmalloc.h" +#include "buffer.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" #include "log.h" #include "channels.h" #include "session.h" -#include "servconf.h" -#include "monitor_wrap.h" -#include "xmalloc.h" -#include "getput.h" +#include "misc.h" #include "ssh-gss.h" -extern ServerOptions options; - static ssh_gssapi_client gssapi_client = { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; @@ -61,7 +60,7 @@ &gssapi_null_mech, }; -/* Unpriviledged */ +/* Unprivileged */ void ssh_gssapi_supported_oids(gss_OID_set *oidset) { @@ -82,6 +81,8 @@ &supported_mechs[i]->oid, oidset); i++; } + + gss_release_oid_set(&min_status, &supported); } @@ -90,7 +91,7 @@ * oid * credentials (from ssh_gssapi_acquire_cred) */ -/* Priviledged */ +/* Privileged */ OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags) @@ -138,14 +139,14 @@ OM_uint32 offset; OM_uint32 oidl; - tok=ename->value; + tok = ename->value; /* * Check that ename is long enough for all of the fixed length * header, and that the initial ID bytes are correct */ - if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0) + if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0) return GSS_S_FAILURE; /* @@ -155,7 +156,7 @@ * second without. */ - oidl = GET_16BIT(tok+2); /* length including next two bytes */ + oidl = get_u16(tok+2); /* length including next two bytes */ oidl = oidl-2; /* turn it into the _real_ length of the variable OID */ /* @@ -164,7 +165,7 @@ */ if (tok[4] != 0x06 || tok[5] != oidl || ename->length < oidl+6 || - !ssh_gssapi_check_oid(ctx,tok+6,oidl)) + !ssh_gssapi_check_oid(ctx, tok+6, oidl)) return GSS_S_FAILURE; offset = oidl+6; @@ -172,14 +173,14 @@ if (ename->length < offset+4) return GSS_S_FAILURE; - name->length = GET_32BIT(tok+offset); + name->length = get_u32(tok+offset); offset += 4; if (ename->length < offset+name->length) return GSS_S_FAILURE; name->value = xmalloc(name->length+1); - memcpy(name->value,tok+offset,name->length); + memcpy(name->value, tok+offset, name->length); ((char *)name->value)[name->length] = 0; return GSS_S_COMPLETE; @@ -188,7 +189,7 @@ /* Extract the client details from a given context. This can only reliably * be called once for a context */ -/* Priviledged (called from accept_secure_ctx) */ +/* Privileged (called from accept_secure_ctx) */ OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) { @@ -238,7 +239,8 @@ { if (gssapi_client.store.filename != NULL) { /* Unlink probably isn't sufficient */ - debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename); + debug("removing gssapi cred file\"%s\"", + gssapi_client.store.filename); unlink(gssapi_client.store.filename); } } @@ -263,15 +265,14 @@ if (gssapi_client.store.envvar != NULL && gssapi_client.store.envval != NULL) { - debug("Setting %s to %s", gssapi_client.store.envvar, - gssapi_client.store.envval); + gssapi_client.store.envval); child_set_env(envp, envsizep, gssapi_client.store.envvar, gssapi_client.store.envval); } } -/* Priviledged */ +/* Privileged */ int ssh_gssapi_userok(char *user) { @@ -298,7 +299,7 @@ return (0); } -/* Priviledged */ +/* Privileged */ OM_uint32 ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) {