import openssh-4.7p1-gsskex-20070927.patch

1 files changed, 49 insertions, 51 deletions

diff --git a/gss-serv.c b/gss-serv.c
index 841d8bb2f..e157ec515 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
@@ -29,6 +29,7 @@
 #ifdef GSSAPI
 
 #include <sys/types.h>
+#include <sys/param.h>
 
 #include <stdarg.h>
 #include <string.h>
@@ -68,6 +69,53 @@ ssh_gssapi_mech* supported_mechs[]= {
         &gssapi_null_mech,
 };
 
+
+/*
+ * Acquire credentials for a server running on the current host.
+ * Requires that the context structure contains a valid OID
+ */
+
+/* Returns a GSSAPI error code */
+/* Privileged (called from ssh_gssapi_server_ctx) */
+static OM_uint32
+ssh_gssapi_acquire_cred(Gssctxt *ctx)
+{
+        OM_uint32 status;
+        char lname[MAXHOSTNAMELEN];
+        gss_OID_set oidset;
+
+        gss_create_empty_oid_set(&status, &oidset);
+        gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+        if (gethostname(lname, MAXHOSTNAMELEN)) {
+                gss_release_oid_set(&status, &oidset);
+                return (-1);
+        }
+
+        if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+                gss_release_oid_set(&status, &oidset);
+                return (ctx->major);
+        }
+
+        if ((ctx->major = gss_acquire_cred(&ctx->minor,
+            ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+                ssh_gssapi_error(ctx);
+
+        gss_release_oid_set(&status, &oidset);
+        return (ctx->major);
+}
+
+/* Privileged */
+OM_uint32
+ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
+        if (*ctx)
+                ssh_gssapi_delete_ctx(ctx);
+        ssh_gssapi_build_ctx(ctx);
+        ssh_gssapi_set_oid(*ctx, oid);
+        return (ssh_gssapi_acquire_cred(*ctx));
+}
+
 /* Unprivileged */
 char *
 ssh_gssapi_server_mechanisms() {
@@ -115,56 +163,6 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
         gss_release_oid_set(&min_status, &supported);
 }
 
-OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
-{
-        if (*ctx)
-                ssh_gssapi_delete_ctx(ctx);
-        ssh_gssapi_build_ctx(ctx);
-        ssh_gssapi_set_oid(*ctx, oid);
-        return (ssh_gssapi_acquire_cred(*ctx));
-}
-
-/* Acquire credentials for a server running on the current host.
- * Requires that the context structure contains a valid OID
- */
-
-/* Returns a GSSAPI error code */
-OM_uint32
-ssh_gssapi_acquire_cred(Gssctxt *ctx)
-{
-        OM_uint32 status;
-        char lname[MAXHOSTNAMELEN];
-        gss_OID_set oidset;
-
-        if (options.gss_strict_acceptor) {
-                gss_create_empty_oid_set(&status, &oidset);
-                gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
-                if (gethostname(lname, MAXHOSTNAMELEN)) {
-                        gss_release_oid_set(&status, &oidset);
-                        return (-1);
-                }
-
-                if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-                        gss_release_oid_set(&status, &oidset);
-                        return (ctx->major);
-                }
-
-                if ((ctx->major = gss_acquire_cred(&ctx->minor,
-                    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, 
-                    NULL, NULL)))
-                        ssh_gssapi_error(ctx);
-
-                gss_release_oid_set(&status, &oidset);
-                return (ctx->major);
-        } else {
-                ctx->name = GSS_C_NO_NAME;
-                ctx->creds = GSS_C_NO_CREDENTIAL;
-        }
-        return GSS_S_COMPLETE;
-}
-
 
 /* Wrapper around accept_sec_context
  * Requires that the context contains: