src/usr.bin/ssh/sshconnect2.c - diff

Return to sshconnect2.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshconnect2.c between version 1.129 and 1.130

version 1.129, 2003/11/02 11:01:03

version 1.130, 2003/11/14 13:19:09

Line 535

return 1;

}

static OM_uint32

process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)

{

Authctxt *authctxt = ctxt;

Gssctxt *gssctxt = authctxt->methoddata;

gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;

OM_uint32 status, ms;

status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,

recv_tok, &send_tok, NULL);

if (send_tok.length > 0) {

if (GSS_ERROR(status))

packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);

else

packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);

packet_put_string(send_tok.value, send_tok.length);

packet_send();

gss_release_buffer(&ms, &send_tok);

}

if (status == GSS_S_COMPLETE) {

/* If that succeeded, send a exchange complete message */

packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);

packet_send();

}

return status;

}

void

input_gssapi_response(int type, u_int32_t plen, void *ctxt)

{

Authctxt *authctxt = ctxt;

Gssctxt *gssctxt;

OM_uint32 status, ms;

int oidlen;

char *oidv;

gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;

if (authctxt == NULL)

fatal("input_gssapi_response: no authentication context");

Line 555

Line 584

if (oidlen <= 2 ||

oidv[0] != SSH_GSS_OIDTYPE ||

oidv[1] != oidlen - 2) {

xfree(oidv);

debug("Badly encoded mechanism OID received");

userauth(authctxt, NULL);

xfree(oidv);

return;

}

Line 568

Line 597

xfree(oidv);

status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,

if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {

GSS_C_NO_BUFFER, &send_tok, NULL);

if (GSS_ERROR(status)) {

if (send_tok.length > 0) {

packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);

packet_put_string(send_tok.value, send_tok.length);

packet_send();

gss_release_buffer(&ms, &send_tok);

}

/* Start again with next method on list */

debug("Trying to start again");

userauth(authctxt, NULL);

return;

}

/* We must have data to send */

packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);

packet_put_string(send_tok.value, send_tok.length);

packet_send();

gss_release_buffer(&ms, &send_tok);

}

void

input_gssapi_token(int type, u_int32_t plen, void *ctxt)

{

Authctxt *authctxt = ctxt;

Gssctxt *gssctxt;

gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;

gss_buffer_desc recv_tok;

OM_uint32 status, ms;

OM_uint32 status;

u_int slen;

if (authctxt == NULL)

fatal("input_gssapi_response: no authentication context");

gssctxt = authctxt->methoddata;

recv_tok.value = packet_get_string(&slen);

recv_tok.length = slen; /* safe typecast */

packet_check_eom();

status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,

status = process_gssapi_token(ctxt, &recv_tok);

&recv_tok, &send_tok, NULL);

xfree(recv_tok.value);

if (GSS_ERROR(status)) {

if (send_tok.length > 0) {

packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);

packet_put_string(send_tok.value, send_tok.length);

packet_send();

gss_release_buffer(&ms, &send_tok);

}

/* Start again with the next method in the list */

userauth(authctxt, NULL);

return;

}

if (send_tok.length > 0) {

packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);

packet_put_string(send_tok.value, send_tok.length);

packet_send();

gss_release_buffer(&ms, &send_tok);

}

if (status == GSS_S_COMPLETE) {

/* If that succeeded, send a exchange complete message */

packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);

packet_send();

}