- markus@cvs.openbsd.org 2003/11/14 13:19:09

     [sshconnect2.c]
     cleanup and minor fixes for the client code; from Simon Wilkinson

2 files changed, 40 insertions, 45 deletions

diff --git a/ChangeLog b/ChangeLog
index eb3c71b3f..8eba44a97 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,9 @@
    - jmc@cvs.openbsd.org 2003/11/12 20:14:51
      [ssh_config.5]
      make verb agree with subject, and kill some whitespace;
+   - markus@cvs.openbsd.org 2003/11/14 13:19:09
+     [sshconnect2.c]
+     cleanup and minor fixes for the client code; from Simon Wilkinson
 
 20031115
  - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@@ -1457,4 +1460,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3107 2003/11/17 10:19:49 djm Exp $
+$Id: ChangeLog,v 1.3108 2003/11/17 10:20:18 djm Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index f991f81d8..045f3081f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.129 2003/11/02 11:01:03 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.130 2003/11/14 13:19:09 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -537,15 +537,44 @@ userauth_gssapi(Authctxt *authctxt)
         return 1;
 }
 
+static OM_uint32
+process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
+{
+        Authctxt *authctxt = ctxt;
+        Gssctxt *gssctxt = authctxt->methoddata;
+        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+        OM_uint32 status, ms;
+        
+        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
+            recv_tok, &send_tok, NULL);
+
+        if (send_tok.length > 0) {
+                if (GSS_ERROR(status))
+                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+                else
+                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
+                        
+                packet_put_string(send_tok.value, send_tok.length);
+                packet_send();
+                gss_release_buffer(&ms, &send_tok);
+        }
+        
+        if (status == GSS_S_COMPLETE) {
+                /* If that succeeded, send a exchange complete message */
+                packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
+                packet_send();
+        }
+        
+        return status;
+}
+
 void
 input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 {
         Authctxt *authctxt = ctxt;
         Gssctxt *gssctxt;
-        OM_uint32 status, ms;
         int oidlen;
         char *oidv;
-        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 
         if (authctxt == NULL)
                 fatal("input_gssapi_response: no authentication context");
@@ -557,9 +586,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
         if (oidlen <= 2 ||
             oidv[0] != SSH_GSS_OIDTYPE ||
             oidv[1] != oidlen - 2) {
+                xfree(oidv);
                 debug("Badly encoded mechanism OID received");
                 userauth(authctxt, NULL);
-                xfree(oidv);
                 return;
         }
 
@@ -570,76 +599,39 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 
         xfree(oidv);
 
-        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
-            GSS_C_NO_BUFFER, &send_tok, NULL);
-        if (GSS_ERROR(status)) {
-                if (send_tok.length > 0) {
-                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
-                        packet_put_string(send_tok.value, send_tok.length);
-                        packet_send();
-                        gss_release_buffer(&ms, &send_tok);
-                }
+        if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
                 /* Start again with next method on list */
                 debug("Trying to start again");
                 userauth(authctxt, NULL);
                 return;
         }
-
-        /* We must have data to send */
-        packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
-        packet_put_string(send_tok.value, send_tok.length);
-        packet_send();
-        gss_release_buffer(&ms, &send_tok);
 }
 
 void
 input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 {
         Authctxt *authctxt = ctxt;
-        Gssctxt *gssctxt;
-        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
         gss_buffer_desc recv_tok;
-        OM_uint32 status, ms;
+        OM_uint32 status;
         u_int slen;
 
         if (authctxt == NULL)
                 fatal("input_gssapi_response: no authentication context");
-        gssctxt = authctxt->methoddata;
 
         recv_tok.value = packet_get_string(&slen);
         recv_tok.length = slen; /* safe typecast */
 
         packet_check_eom();
 
-        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
-            &recv_tok, &send_tok, NULL);
+        status = process_gssapi_token(ctxt, &recv_tok);
 
         xfree(recv_tok.value);
 
         if (GSS_ERROR(status)) {
-                if (send_tok.length > 0) {
-                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
-                        packet_put_string(send_tok.value, send_tok.length);
-                        packet_send();
-                        gss_release_buffer(&ms, &send_tok);
-                }
                 /* Start again with the next method in the list */
                 userauth(authctxt, NULL);
                 return;
         }
-
-        if (send_tok.length > 0) {
-                packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
-                packet_put_string(send_tok.value, send_tok.length);
-                packet_send();
-                gss_release_buffer(&ms, &send_tok);
-        }
-
-        if (status == GSS_S_COMPLETE) {
-                /* If that succeeded, send a exchange complete message */
-                packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
-                packet_send();
-        }
 }
 
 void