version 1.127, 2003/10/11 08:26:43 |
version 1.128, 2003/10/26 16:57:43 |
|
|
userauth_gssapi(Authctxt *authctxt) |
userauth_gssapi(Authctxt *authctxt) |
{ |
{ |
Gssctxt *gssctxt = NULL; |
Gssctxt *gssctxt = NULL; |
static gss_OID_set supported = NULL; |
static gss_OID_set gss_supported = NULL; |
static int mech = 0; |
static int mech = 0; |
OM_uint32 min; |
OM_uint32 min; |
int ok = 0; |
int ok = 0; |
|
|
/* Try one GSSAPI method at a time, rather than sending them all at |
/* Try one GSSAPI method at a time, rather than sending them all at |
* once. */ |
* once. */ |
|
|
if (supported == NULL) |
if (gss_supported == NULL) |
gss_indicate_mechs(&min, &supported); |
gss_indicate_mechs(&min, &gss_supported); |
|
|
/* Check to see if the mechanism is usable before we offer it */ |
/* Check to see if the mechanism is usable before we offer it */ |
while (mech<supported->count && !ok) { |
while (mech < gss_supported->count && !ok) { |
if (gssctxt) |
if (gssctxt) |
ssh_gssapi_delete_ctx(&gssctxt); |
ssh_gssapi_delete_ctx(&gssctxt); |
ssh_gssapi_build_ctx(&gssctxt); |
ssh_gssapi_build_ctx(&gssctxt); |
ssh_gssapi_set_oid(gssctxt, &supported->elements[mech]); |
ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]); |
|
|
/* My DER encoding requires length<128 */ |
/* My DER encoding requires length<128 */ |
if (supported->elements[mech].length < 128 && |
if (gss_supported->elements[mech].length < 128 && |
!GSS_ERROR(ssh_gssapi_import_name(gssctxt, |
!GSS_ERROR(ssh_gssapi_import_name(gssctxt, |
authctxt->host))) { |
authctxt->host))) { |
ok = 1; /* Mechanism works */ |
ok = 1; /* Mechanism works */ |
|
|
|
|
/* Some servers encode the OID incorrectly (as we used to) */ |
/* Some servers encode the OID incorrectly (as we used to) */ |
if (datafellows & SSH_BUG_GSSAPI_BER) { |
if (datafellows & SSH_BUG_GSSAPI_BER) { |
packet_put_string(supported->elements[mech].elements, |
packet_put_string(gss_supported->elements[mech].elements, |
supported->elements[mech].length); |
gss_supported->elements[mech].length); |
} else { |
} else { |
packet_put_int((supported->elements[mech].length)+2); |
packet_put_int((gss_supported->elements[mech].length)+2); |
packet_put_char(SSH_GSS_OIDTYPE); |
packet_put_char(SSH_GSS_OIDTYPE); |
packet_put_char(supported->elements[mech].length); |
packet_put_char(gss_supported->elements[mech].length); |
packet_put_raw(supported->elements[mech].elements, |
packet_put_raw(gss_supported->elements[mech].elements, |
supported->elements[mech].length); |
gss_supported->elements[mech].length); |
} |
} |
|
|
packet_send(); |
packet_send(); |
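Review bot: The renamed call `gss_indicate_mechs(&min, &gss_supported);` still discards its major status, and the loop condition right below it dereferences `gss_supported->count` unconditionally. If the GSS-API library reports a failure and leaves the set unset, the client dereferences a null pointer while only probing for usable mechanisms. Because the variable is `static`, whatever a failed call leaves behind is also reused on the next attempt. I would guard it, for example `if (gss_supported == NULL && GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) { gss_supported = NULL; return 0; }`, assuming a zero return means "method not attempted" here. The return type and the rest of the function body are outside this hunk, so confirm that against the full function.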