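--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,12 +1,12 @@
-/* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.19 2007/06/12 11:56:15 dtucker Exp $ */
 
 /*
- * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
@@ -102,28 +102,28 @@
  *major_status = ctxt->major;
  if (minor_status != NULL)
  *minor_status = ctxt->minor;
 
  ctx = 0;
  /* The GSSAPI error */
  do {
  gss_display_status(&lmin, ctxt->major,
- GSS_C_GSS_CODE, GSS_C_NULL_OID, &ctx, &msg);
+ GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
 
  buffer_append(&b, msg.value, msg.length);
  buffer_put_char(&b, '\n');
 
  gss_release_buffer(&lmin, &msg);
  } while (ctx != 0);
 
  /* The mechanism specific error */
  do {
  gss_display_status(&lmin, ctxt->minor,
- GSS_C_MECH_CODE, GSS_C_NULL_OID, &ctx, &msg);
+ GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
 
  buffer_append(&b, msg.value, msg.length);
  buffer_put_char(&b, '\n');
 
  gss_release_buffer(&lmin, &msg);
  } while (ctx != 0);
 
  buffer_put_char(&b, '\0');
@@ -221,50 +221,17 @@
  if ((ctx->major = gss_import_name(&ctx->minor,
  &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
  ssh_gssapi_error(ctx);
 
  xfree(gssbuf.value);
  return (ctx->major);
 }
 
-/* Acquire credentials for a server running on the current host.
- * Requires that the context structure contains a valid OID
- */
-
-/* Returns a GSSAPI error code */
 OM_uint32
-ssh_gssapi_acquire_cred(Gssctxt *ctx)
-{
- OM_uint32 status;
- char lname[MAXHOSTNAMELEN];
- gss_OID_set oidset;
-
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
- if (gethostname(lname, MAXHOSTNAMELEN)) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
-
- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
- }
-
- if ((ctx->major = gss_acquire_cred(&ctx->minor,
- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
- ssh_gssapi_error(ctx);
-
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
-}
-
-OM_uint32
 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
 {
  if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
  GSS_C_QOP_DEFAULT, buffer, hash)))
  ssh_gssapi_error(ctx);
 
  return (ctx->major);
 }
@@ -276,26 +243,16 @@
  buffer_init(b);
  buffer_put_string(b, session_id2, session_id2_len);
  buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST);
  buffer_put_cstring(b, user);
  buffer_put_cstring(b, service);
  buffer_put_cstring(b, context);
 }
 
-OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
-{
- if (*ctx)
- ssh_gssapi_delete_ctx(ctx);
- ssh_gssapi_build_ctx(ctx);
- ssh_gssapi_set_oid(*ctx, oid);
- return (ssh_gssapi_acquire_cred(*ctx));
-}
-
 int
 ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
 {
  gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
  OM_uint32 major, minor;
  gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
 
  /* RFC 4462 says we MUST NOT do SPNEGO */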
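Review bot: The return value of `gss_display_status()` is still discarded in both display loops (new lines 109-110 and 120-121), and passing `ctxt->oid` instead of `GSS_C_NULL_OID` makes a failure easier to reach, since RFC 2744 lists `GSS_S_BAD_MECH` for an unsupported mechanism type. On a failed call the loop still appends `msg.value`/`msg.length` to the buffer and re-tests `ctx`, so I would stop on error in each loop, e.g. `if (GSS_ERROR(gss_display_status(&lmin, ctxt->major, GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg))) break;`. The function's opening lines and the declaration of `msg` are in the hidden part of the file, so whether `msg` starts out as an empty buffer, and whether `ctxt->oid` is always set before this path runs, should be confirmed there.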