diff options
| author | Colin Watson <cjwatson@debian.org> | 2006-05-12 08:53:37 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2006-05-12 08:53:37 +0000 |
| commit | 2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (patch) | |
| tree | f64a4ace625514e94759878c0b94ab0a79805bbd /gss-serv.c | |
| parent | 3c190ec8e469477ea65fbf4cc83062c65c281434 (diff) | |
| parent | 3e2e0ac10674d77618c4c7339e18b83ced247492 (diff) | |
Merge 4.3p2 to the trunk.
Diffstat (limited to 'gss-serv.c')
| -rw-r--r-- | gss-serv.c | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/gss-serv.c b/gss-serv.c index 05ae54e97..9682fc3c3 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -29,20 +29,16 @@ | |||
| 29 | #ifdef GSSAPI | 29 | #ifdef GSSAPI |
| 30 | 30 | ||
| 31 | #include "bufaux.h" | 31 | #include "bufaux.h" |
| 32 | #include "compat.h" | ||
| 33 | #include "auth.h" | 32 | #include "auth.h" |
| 34 | #include "log.h" | 33 | #include "log.h" |
| 35 | #include "channels.h" | 34 | #include "channels.h" |
| 36 | #include "session.h" | 35 | #include "session.h" |
| 37 | #include "servconf.h" | 36 | #include "servconf.h" |
| 38 | #include "monitor_wrap.h" | ||
| 39 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
| 40 | #include "getput.h" | 38 | #include "getput.h" |
| 41 | 39 | ||
| 42 | #include "ssh-gss.h" | 40 | #include "ssh-gss.h" |
| 43 | 41 | ||
| 44 | extern ServerOptions options; | ||
| 45 | |||
| 46 | static ssh_gssapi_client gssapi_client = | 42 | static ssh_gssapi_client gssapi_client = |
| 47 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 43 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
| 48 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; | 44 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; |
| @@ -61,7 +57,7 @@ ssh_gssapi_mech* supported_mechs[]= { | |||
| 61 | &gssapi_null_mech, | 57 | &gssapi_null_mech, |
| 62 | }; | 58 | }; |
| 63 | 59 | ||
| 64 | /* Unpriviledged */ | 60 | /* Unprivileged */ |
| 65 | char * | 61 | char * |
| 66 | ssh_gssapi_server_mechanisms() { | 62 | ssh_gssapi_server_mechanisms() { |
| 67 | gss_OID_set supported; | 63 | gss_OID_set supported; |
| @@ -71,7 +67,7 @@ ssh_gssapi_server_mechanisms() { | |||
| 71 | NULL)); | 67 | NULL)); |
| 72 | } | 68 | } |
| 73 | 69 | ||
| 74 | /* Unpriviledged */ | 70 | /* Unprivileged */ |
| 75 | int | 71 | int |
| 76 | ssh_gssapi_server_check_mech(gss_OID oid, void *data) { | 72 | ssh_gssapi_server_check_mech(gss_OID oid, void *data) { |
| 77 | Gssctxt * ctx = NULL; | 73 | Gssctxt * ctx = NULL; |
| @@ -83,7 +79,7 @@ ssh_gssapi_server_check_mech(gss_OID oid, void *data) { | |||
| 83 | return (res); | 79 | return (res); |
| 84 | } | 80 | } |
| 85 | 81 | ||
| 86 | /* Unpriviledged */ | 82 | /* Unprivileged */ |
| 87 | void | 83 | void |
| 88 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 84 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
| 89 | { | 85 | { |
| @@ -112,7 +108,7 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) | |||
| 112 | * oid | 108 | * oid |
| 113 | * credentials (from ssh_gssapi_acquire_cred) | 109 | * credentials (from ssh_gssapi_acquire_cred) |
| 114 | */ | 110 | */ |
| 115 | /* Priviledged */ | 111 | /* Privileged */ |
| 116 | OM_uint32 | 112 | OM_uint32 |
| 117 | ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, | 113 | ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, |
| 118 | gss_buffer_desc *send_tok, OM_uint32 *flags) | 114 | gss_buffer_desc *send_tok, OM_uint32 *flags) |
| @@ -160,14 +156,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 160 | OM_uint32 offset; | 156 | OM_uint32 offset; |
| 161 | OM_uint32 oidl; | 157 | OM_uint32 oidl; |
| 162 | 158 | ||
| 163 | tok=ename->value; | 159 | tok = ename->value; |
| 164 | 160 | ||
| 165 | /* | 161 | /* |
| 166 | * Check that ename is long enough for all of the fixed length | 162 | * Check that ename is long enough for all of the fixed length |
| 167 | * header, and that the initial ID bytes are correct | 163 | * header, and that the initial ID bytes are correct |
| 168 | */ | 164 | */ |
| 169 | 165 | ||
| 170 | if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0) | 166 | if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0) |
| 171 | return GSS_S_FAILURE; | 167 | return GSS_S_FAILURE; |
| 172 | 168 | ||
| 173 | /* | 169 | /* |
| @@ -186,7 +182,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 186 | */ | 182 | */ |
| 187 | if (tok[4] != 0x06 || tok[5] != oidl || | 183 | if (tok[4] != 0x06 || tok[5] != oidl || |
| 188 | ename->length < oidl+6 || | 184 | ename->length < oidl+6 || |
| 189 | !ssh_gssapi_check_oid(ctx,tok+6,oidl)) | 185 | !ssh_gssapi_check_oid(ctx, tok+6, oidl)) |
| 190 | return GSS_S_FAILURE; | 186 | return GSS_S_FAILURE; |
| 191 | 187 | ||
| 192 | offset = oidl+6; | 188 | offset = oidl+6; |
| @@ -201,7 +197,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 201 | return GSS_S_FAILURE; | 197 | return GSS_S_FAILURE; |
| 202 | 198 | ||
| 203 | name->value = xmalloc(name->length+1); | 199 | name->value = xmalloc(name->length+1); |
| 204 | memcpy(name->value,tok+offset,name->length); | 200 | memcpy(name->value, tok+offset,name->length); |
| 205 | ((char *)name->value)[name->length] = 0; | 201 | ((char *)name->value)[name->length] = 0; |
| 206 | 202 | ||
| 207 | return GSS_S_COMPLETE; | 203 | return GSS_S_COMPLETE; |
| @@ -210,7 +206,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 210 | /* Extract the client details from a given context. This can only reliably | 206 | /* Extract the client details from a given context. This can only reliably |
| 211 | * be called once for a context */ | 207 | * be called once for a context */ |
| 212 | 208 | ||
| 213 | /* Priviledged (called from accept_secure_ctx) */ | 209 | /* Privileged (called from accept_secure_ctx) */ |
| 214 | OM_uint32 | 210 | OM_uint32 |
| 215 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 211 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
| 216 | { | 212 | { |
| @@ -285,15 +281,14 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
| 285 | 281 | ||
| 286 | if (gssapi_client.store.envvar != NULL && | 282 | if (gssapi_client.store.envvar != NULL && |
| 287 | gssapi_client.store.envval != NULL) { | 283 | gssapi_client.store.envval != NULL) { |
| 288 | |||
| 289 | debug("Setting %s to %s", gssapi_client.store.envvar, | 284 | debug("Setting %s to %s", gssapi_client.store.envvar, |
| 290 | gssapi_client.store.envval); | 285 | gssapi_client.store.envval); |
| 291 | child_set_env(envp, envsizep, gssapi_client.store.envvar, | 286 | child_set_env(envp, envsizep, gssapi_client.store.envvar, |
| 292 | gssapi_client.store.envval); | 287 | gssapi_client.store.envval); |
| 293 | } | 288 | } |
| 294 | } | 289 | } |
| 295 | 290 | ||
| 296 | /* Priviledged */ | 291 | /* Privileged */ |
| 297 | int | 292 | int |
| 298 | ssh_gssapi_userok(char *user) | 293 | ssh_gssapi_userok(char *user) |
| 299 | { | 294 | { |
| @@ -320,4 +315,14 @@ ssh_gssapi_userok(char *user) | |||
| 320 | return (0); | 315 | return (0); |
| 321 | } | 316 | } |
| 322 | 317 | ||
| 318 | /* Privileged */ | ||
| 319 | OM_uint32 | ||
| 320 | ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | ||
| 321 | { | ||
| 322 | ctx->major = gss_verify_mic(&ctx->minor, ctx->context, | ||
| 323 | gssbuf, gssmic, NULL); | ||
| 324 | |||
| 325 | return (ctx->major); | ||
| 326 | } | ||
| 327 | |||
| 323 | #endif | 328 | #endif |