author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:40:29 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:40:29 +0000 |
commit | a25ec0b132c44c9e341e08464ff830de06b81126 (patch) | |
tree | e20842d80f9e25cb6cf09525abea63f7bf655dd7 /gss-serv.c | |
parent | 1b816ea846aca3ee89e7995373ace609e9518424 (diff) | |
parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) |
import openssh-4.7p1-gsskex-20070927.patch
Diffstat (limited to 'gss-serv.c')
-rw-r--r-- | gss-serv.c | 100 |
1 files changed, 49 insertions, 51 deletions
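diff --git a/gss-serv.c b/gss-serv.c
index 841d8bb2f..e157ec515 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.20 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
@@ -29,6 +29,7 @@
 #ifdef GSSAPI
 
 #include <sys/types.h>
+#include <sys/param.h>
 
 #include <stdarg.h>
 #include <string.h>
@@ -68,6 +69,53 @@ ssh_gssapi_mech* supported_mechs[]= {
 &gssapi_null_mech,
 };
 
+
+/*
+* Acquire credentials for a server running on the current host.
+* Requires that the context structure contains a valid OID
+*/
+
+/* Returns a GSSAPI error code */
+/* Privileged (called from ssh_gssapi_server_ctx) */
+static OM_uint32
+ssh_gssapi_acquire_cred(Gssctxt *ctx)
+{
+OM_uint32 status;
+char lname[MAXHOSTNAMELEN];
+gss_OID_set oidset;
+
+gss_create_empty_oid_set(&status, &oidset);
+gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+if (gethostname(lname, MAXHOSTNAMELEN)) {
+gss_release_oid_set(&status, &oidset);
+return (-1);
+}
+
+if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+gss_release_oid_set(&status, &oidset);
+return (ctx->major);
+}
+
+if ((ctx->major = gss_acquire_cred(&ctx->minor,
+ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+ssh_gssapi_error(ctx);
+
+gss_release_oid_set(&status, &oidset);
+return (ctx->major);
+}
+
+/* Privileged */
+OM_uint32
+ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
+if (*ctx)
+ssh_gssapi_delete_ctx(ctx);
+ssh_gssapi_build_ctx(ctx);
+ssh_gssapi_set_oid(*ctx, oid);
+return (ssh_gssapi_acquire_cred(*ctx));
+}
+
 /* Unprivileged */
 char *
 ssh_gssapi_server_mechanisms() {
@@ -115,56 +163,6 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
 gss_release_oid_set(&min_status, &supported);
 }
 
-OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
-{
-if (*ctx)
-ssh_gssapi_delete_ctx(ctx);
-ssh_gssapi_build_ctx(ctx);
-ssh_gssapi_set_oid(*ctx, oid);
-return (ssh_gssapi_acquire_cred(*ctx));
-}
-
-/* Acquire credentials for a server running on the current host.
-* Requires that the context structure contains a valid OID
-*/
-
-/* Returns a GSSAPI error code */
-OM_uint32
-ssh_gssapi_acquire_cred(Gssctxt *ctx)
-{
-OM_uint32 status;
-char lname[MAXHOSTNAMELEN];
-gss_OID_set oidset;
-
-if (options.gss_strict_acceptor) {
-gss_create_empty_oid_set(&status, &oidset);
-gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
-if (gethostname(lname, MAXHOSTNAMELEN)) {
-gss_release_oid_set(&status, &oidset);
-return (-1);
-}
-
-if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-gss_release_oid_set(&status, &oidset);
-return (ctx->major);
-}
-
-if ((ctx->major = gss_acquire_cred(&ctx->minor,
-ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-NULL, NULL)))
-ssh_gssapi_error(ctx);
-
-gss_release_oid_set(&status, &oidset);
-return (ctx->major);
-} else {
-ctx->name = GSS_C_NO_NAME;
-ctx->creds = GSS_C_NO_CREDENTIAL;
-}
-return GSS_S_COMPLETE;
-}
-
 
 /* Wrapper around accept_sec_context
  * Requires that the context contains: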
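Review bot: In the new static ssh_gssapi_acquire_cred (third hunk), `gethostname(lname, MAXHOSTNAMELEN)` is not guaranteed to NUL-terminate lname when the host name is truncated to the buffer size, and lname is then handed to ssh_gssapi_import_name, which presumably measures it as a C string; a defensive fix is `if (gethostname(lname, sizeof(lname) - 1)) {` followed by `lname[sizeof(lname) - 1] = '\0';` before the import. The `return (-1)` on that failure path also does not fit the "Returns a GSSAPI error code" contract of an OM_uint32 function and leaves ctx->major unset, so the caller cannot report the failure through ssh_gssapi_error; returning a real status such as GSS_S_FAILURE, or setting ctx->major first, would be consistent with the other exits. The return values of gss_create_empty_oid_set and gss_add_oid_set_member are ignored, so a failed set construction is only noticed indirectly by gss_acquire_cred. The first two hunks are a version-string and include change and the last hunk is a pure deletion, so no note applies to them.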