diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2007-06-12 23:40:39 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2007-06-12 23:40:39 +1000 |
| commit | 8f6d0ed60eb0d790564a5f47ba63c9bc3c734058 (patch) | |
| tree | cbdc91acff173fdb6a2f6310d60b720a2ce815c2 | |
| parent | 29a5707accd89cefb6c0a03ada09511c0cd6985a (diff) | |
- djm@cvs.openbsd.org 2007/06/12 08:20:00
[ssh-gss.h gss-serv.c gss-genr.c]
relocate server-only GSSAPI code from libssh to server; bz #1225
patch from simon AT sxw.org.uk; ok markus@ dtucker@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | gss-genr.c | 45 | ||||
| -rw-r--r-- | gss-serv.c | 50 | ||||
| -rw-r--r-- | ssh-gss.h | 5 |
4 files changed, 57 insertions, 49 deletions
| @@ -8,6 +8,10 @@ | |||
| 8 | better document ssh-add's -d option (delete identies from agent), bz#1224 | 8 | better document ssh-add's -d option (delete identies from agent), bz#1224 |
| 9 | new text based on some provided by andrewmc-debian AT celt.dias.ie; | 9 | new text based on some provided by andrewmc-debian AT celt.dias.ie; |
| 10 | ok dtucker@ | 10 | ok dtucker@ |
| 11 | - djm@cvs.openbsd.org 2007/06/12 08:20:00 | ||
| 12 | [ssh-gss.h gss-serv.c gss-genr.c] | ||
| 13 | relocate server-only GSSAPI code from libssh to server; bz #1225 | ||
| 14 | patch from simon AT sxw.org.uk; ok markus@ dtucker@ | ||
| 11 | 15 | ||
| 12 | 20070611 | 16 | 20070611 |
| 13 | - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit | 17 | - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit |
| @@ -3022,4 +3026,4 @@ | |||
| 3022 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 3026 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 3023 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 3027 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 3024 | 3028 | ||
| 3025 | $Id: ChangeLog,v 1.4690 2007/06/12 13:39:52 dtucker Exp $ | 3029 | $Id: ChangeLog,v 1.4691 2007/06/12 13:40:39 dtucker Exp $ |
diff --git a/gss-genr.c b/gss-genr.c index 57f12a2dc..d2b718e7a 100644 --- a/gss-genr.c +++ b/gss-genr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */ | 1 | /* $OpenBSD: gss-genr.c,v 1.18 2007/06/12 08:20:00 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved. |
| @@ -226,39 +226,6 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) | |||
| 226 | return (ctx->major); | 226 | return (ctx->major); |
| 227 | } | 227 | } |
| 228 | 228 | ||
| 229 | /* Acquire credentials for a server running on the current host. | ||
| 230 | * Requires that the context structure contains a valid OID | ||
| 231 | */ | ||
| 232 | |||
| 233 | /* Returns a GSSAPI error code */ | ||
| 234 | OM_uint32 | ||
| 235 | ssh_gssapi_acquire_cred(Gssctxt *ctx) | ||
| 236 | { | ||
| 237 | OM_uint32 status; | ||
| 238 | char lname[MAXHOSTNAMELEN]; | ||
| 239 | gss_OID_set oidset; | ||
| 240 | |||
| 241 | gss_create_empty_oid_set(&status, &oidset); | ||
| 242 | gss_add_oid_set_member(&status, ctx->oid, &oidset); | ||
| 243 | |||
| 244 | if (gethostname(lname, MAXHOSTNAMELEN)) { | ||
| 245 | gss_release_oid_set(&status, &oidset); | ||
| 246 | return (-1); | ||
| 247 | } | ||
| 248 | |||
| 249 | if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { | ||
| 250 | gss_release_oid_set(&status, &oidset); | ||
| 251 | return (ctx->major); | ||
| 252 | } | ||
| 253 | |||
| 254 | if ((ctx->major = gss_acquire_cred(&ctx->minor, | ||
| 255 | ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) | ||
| 256 | ssh_gssapi_error(ctx); | ||
| 257 | |||
| 258 | gss_release_oid_set(&status, &oidset); | ||
| 259 | return (ctx->major); | ||
| 260 | } | ||
| 261 | |||
| 262 | OM_uint32 | 229 | OM_uint32 |
| 263 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) | 230 | ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) |
| 264 | { | 231 | { |
| @@ -281,16 +248,6 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, | |||
| 281 | buffer_put_cstring(b, context); | 248 | buffer_put_cstring(b, context); |
| 282 | } | 249 | } |
| 283 | 250 | ||
| 284 | OM_uint32 | ||
| 285 | ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) | ||
| 286 | { | ||
| 287 | if (*ctx) | ||
| 288 | ssh_gssapi_delete_ctx(ctx); | ||
| 289 | ssh_gssapi_build_ctx(ctx); | ||
| 290 | ssh_gssapi_set_oid(*ctx, oid); | ||
| 291 | return (ssh_gssapi_acquire_cred(*ctx)); | ||
| 292 | } | ||
| 293 | |||
| 294 | int | 251 | int |
| 295 | ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) | 252 | ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) |
| 296 | { | 253 | { |
diff --git a/gss-serv.c b/gss-serv.c index e8191a859..bc498fd47 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -29,6 +29,7 @@ | |||
| 29 | #ifdef GSSAPI | 29 | #ifdef GSSAPI |
| 30 | 30 | ||
| 31 | #include <sys/types.h> | 31 | #include <sys/types.h> |
| 32 | #include <sys/param.h> | ||
| 32 | 33 | ||
| 33 | #include <stdarg.h> | 34 | #include <stdarg.h> |
| 34 | #include <string.h> | 35 | #include <string.h> |
| @@ -64,6 +65,53 @@ ssh_gssapi_mech* supported_mechs[]= { | |||
| 64 | &gssapi_null_mech, | 65 | &gssapi_null_mech, |
| 65 | }; | 66 | }; |
| 66 | 67 | ||
| 68 | |||
| 69 | /* | ||
| 70 | * Acquire credentials for a server running on the current host. | ||
| 71 | * Requires that the context structure contains a valid OID | ||
| 72 | */ | ||
| 73 | |||
| 74 | /* Returns a GSSAPI error code */ | ||
| 75 | /* Privileged (called from ssh_gssapi_server_ctx) */ | ||
| 76 | static OM_uint32 | ||
| 77 | ssh_gssapi_acquire_cred(Gssctxt *ctx) | ||
| 78 | { | ||
| 79 | OM_uint32 status; | ||
| 80 | char lname[MAXHOSTNAMELEN]; | ||
| 81 | gss_OID_set oidset; | ||
| 82 | |||
| 83 | gss_create_empty_oid_set(&status, &oidset); | ||
| 84 | gss_add_oid_set_member(&status, ctx->oid, &oidset); | ||
| 85 | |||
| 86 | if (gethostname(lname, MAXHOSTNAMELEN)) { | ||
| 87 | gss_release_oid_set(&status, &oidset); | ||
| 88 | return (-1); | ||
| 89 | } | ||
| 90 | |||
| 91 | if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { | ||
| 92 | gss_release_oid_set(&status, &oidset); | ||
| 93 | return (ctx->major); | ||
| 94 | } | ||
| 95 | |||
| 96 | if ((ctx->major = gss_acquire_cred(&ctx->minor, | ||
| 97 | ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) | ||
| 98 | ssh_gssapi_error(ctx); | ||
| 99 | |||
| 100 | gss_release_oid_set(&status, &oidset); | ||
| 101 | return (ctx->major); | ||
| 102 | } | ||
| 103 | |||
| 104 | /* Privileged */ | ||
| 105 | OM_uint32 | ||
| 106 | ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) | ||
| 107 | { | ||
| 108 | if (*ctx) | ||
| 109 | ssh_gssapi_delete_ctx(ctx); | ||
| 110 | ssh_gssapi_build_ctx(ctx); | ||
| 111 | ssh_gssapi_set_oid(*ctx, oid); | ||
| 112 | return (ssh_gssapi_acquire_cred(*ctx)); | ||
| 113 | } | ||
| 114 | |||
| 67 | /* Unprivileged */ | 115 | /* Unprivileged */ |
| 68 | void | 116 | void |
| 69 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 117 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-gss.h,v 1.9 2006/08/18 14:40:34 djm Exp $ */ | 1 | /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| 4 | * | 4 | * |
| @@ -105,7 +105,6 @@ void ssh_gssapi_supported_oids(gss_OID_set *); | |||
| 105 | ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *); | 105 | ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *); |
| 106 | 106 | ||
| 107 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); | 107 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); |
| 108 | OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *); | ||
| 109 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, | 108 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, |
| 110 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); | 109 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); |
| 111 | OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *, | 110 | OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *, |
| @@ -116,11 +115,11 @@ char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *); | |||
| 116 | void ssh_gssapi_build_ctx(Gssctxt **); | 115 | void ssh_gssapi_build_ctx(Gssctxt **); |
| 117 | void ssh_gssapi_delete_ctx(Gssctxt **); | 116 | void ssh_gssapi_delete_ctx(Gssctxt **); |
| 118 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | 117 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); |
| 119 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | ||
| 120 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); | 118 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); |
| 121 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); | 119 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); |
| 122 | 120 | ||
| 123 | /* In the server */ | 121 | /* In the server */ |
| 122 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | ||
| 124 | int ssh_gssapi_userok(char *name); | 123 | int ssh_gssapi_userok(char *name); |
| 125 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 124 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
| 126 | void ssh_gssapi_do_child(char ***, u_int *); | 125 | void ssh_gssapi_do_child(char ***, u_int *); |