Diffstat (limited to 'auth2-gss.c')
-rw-r--r-- | auth2-gss.c | 39 |
1 files changed, 39 insertions, 0 deletions
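--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -46,6 +46,39 @@ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
 static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
 static void input_gssapi_errtok(int, u_int32_t, void *);
 
+/*
+* The 'gssapi_keyex' userauth mechanism.
+*/
+static int
+userauth_gsskeyex(Authctxt *authctxt)
+{
+int authenticated = 0;
+Buffer b;
+gss_buffer_desc mic, gssbuf;
+u_int len;
+
+mic.value = packet_get_string(&len);
+mic.length = len;
+
+packet_check_eom();
+
+ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+"gssapi-keyex");
+
+gssbuf.value = buffer_ptr(&b);
+gssbuf.length = buffer_len(&b);
+
+/* gss_kex_context is NULL with privsep, so we can't check it here */
+if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,
+&gssbuf, &mic))))
+authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
+
+buffer_free(&b);
+xfree(mic.value);
+
+return (authenticated);
+}
+
 /*
 * We only support those mechanisms that we know about (ie ones that we know
 * how to check local user kuserok and the like)
@@ -284,6 +317,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
 userauth_finish(authctxt, authenticated, "gssapi-with-mic");
 }
 
+Authmethod method_gsskeyex = {
+"gssapi-keyx",
+userauth_gsskeyex,
+&options.gss_authentication
+};
+
 Authmethod method_gssapi = {
 "gssapi-with-mic",
 userauth_gssapi,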
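Review bot: The `method_gsskeyex` table entry registers the name `"gssapi-keyx"`, but `userauth_gsskeyex` passes `"gssapi-keyex"` to `ssh_gssapi_buildmic`, so the registered method name and the name bound into the MIC data disagree. The entry should read `"gssapi-keyex",`. Separately, the comment above the `ssh_gssapi_checkmic` call explains why `gss_kex_context` cannot be checked under privsep, but the function does not check it in the non-privsep case either. Whether the callee tolerates a NULL context, as would presumably occur when the key exchange was not GSSAPI, is not visible in this diff. The function also passes `authctxt->user` to `ssh_gssapi_userok` with no visible check that the user is valid, so confirm that the callee rejects unknown users.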