version 1.132, 2003/11/17 11:06:07 |
version 1.133, 2003/11/21 11:57:03 |
|
|
} |
} |
|
|
#ifdef GSSAPI |
#ifdef GSSAPI |
int |
int |
userauth_gssapi(Authctxt *authctxt) |
userauth_gssapi(Authctxt *authctxt) |
{ |
{ |
Gssctxt *gssctxt = NULL; |
Gssctxt *gssctxt = NULL; |
|
|
gss_buffer_desc gssbuf, mic; |
gss_buffer_desc gssbuf, mic; |
OM_uint32 status, ms, flags; |
OM_uint32 status, ms, flags; |
Buffer b; |
Buffer b; |
|
|
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, |
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, |
recv_tok, &send_tok, &flags); |
recv_tok, &send_tok, &flags); |
|
|
|
|
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); |
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); |
else |
else |
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); |
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); |
|
|
packet_put_string(send_tok.value, send_tok.length); |
packet_put_string(send_tok.value, send_tok.length); |
packet_send(); |
packet_send(); |
gss_release_buffer(&ms, &send_tok); |
gss_release_buffer(&ms, &send_tok); |
} |
} |
|
|
if (status == GSS_S_COMPLETE) { |
if (status == GSS_S_COMPLETE) { |
/* send either complete or MIC, depending on mechanism */ |
/* send either complete or MIC, depending on mechanism */ |
if (!(flags & GSS_C_INTEG_FLAG)) { |
if (!(flags & GSS_C_INTEG_FLAG)) { |
|
|
|
|
gssbuf.value = buffer_ptr(&b); |
gssbuf.value = buffer_ptr(&b); |
gssbuf.length = buffer_len(&b); |
gssbuf.length = buffer_len(&b); |
|
|
status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); |
status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); |
|
|
if (!GSS_ERROR(status)) { |
if (!GSS_ERROR(status)) { |
packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); |
packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); |
packet_put_string(mic.value, mic.length); |
packet_put_string(mic.value, mic.length); |
|
|
packet_send(); |
packet_send(); |
} |
} |
|
|
buffer_free(&b); |
buffer_free(&b); |
gss_release_buffer(&ms, &mic); |
gss_release_buffer(&ms, &mic); |
} |
} |
} |
} |
|
|
return status; |
return status; |
} |
} |
|
|
|
|
key = ssh_get_next_identity(ac, &comment, 2)) { |
key = ssh_get_next_identity(ac, &comment, 2)) { |
found = 0; |
found = 0; |
TAILQ_FOREACH(id, &files, next) { |
TAILQ_FOREACH(id, &files, next) { |
/* agent keys from the config file are preferred */ |
/* agent keys from the config file are preferred */ |
if (key_equal(key, id->key)) { |
if (key_equal(key, id->key)) { |
key_free(key); |
key_free(key); |
xfree(comment); |
xfree(comment); |