diff options
Diffstat (limited to 'gss-serv.c')
| -rw-r--r-- | gss-serv.c | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/gss-serv.c b/gss-serv.c index 05ae54e97..190f56fc0 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -29,20 +29,17 @@ | |||
| 29 | #ifdef GSSAPI | 29 | #ifdef GSSAPI |
| 30 | 30 | ||
| 31 | #include "bufaux.h" | 31 | #include "bufaux.h" |
| 32 | #include "compat.h" | ||
| 33 | #include "auth.h" | 32 | #include "auth.h" |
| 34 | #include "log.h" | 33 | #include "log.h" |
| 35 | #include "channels.h" | 34 | #include "channels.h" |
| 36 | #include "session.h" | 35 | #include "session.h" |
| 37 | #include "servconf.h" | 36 | #include "servconf.h" |
| 38 | #include "monitor_wrap.h" | ||
| 39 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
| 40 | #include "getput.h" | 38 | #include "getput.h" |
| 39 | #include "monitor_wrap.h" | ||
| 41 | 40 | ||
| 42 | #include "ssh-gss.h" | 41 | #include "ssh-gss.h" |
| 43 | 42 | ||
| 44 | extern ServerOptions options; | ||
| 45 | |||
| 46 | static ssh_gssapi_client gssapi_client = | 43 | static ssh_gssapi_client gssapi_client = |
| 47 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 44 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
| 48 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; | 45 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; |
| @@ -61,7 +58,7 @@ ssh_gssapi_mech* supported_mechs[]= { | |||
| 61 | &gssapi_null_mech, | 58 | &gssapi_null_mech, |
| 62 | }; | 59 | }; |
| 63 | 60 | ||
| 64 | /* Unpriviledged */ | 61 | /* Unprivileged */ |
| 65 | char * | 62 | char * |
| 66 | ssh_gssapi_server_mechanisms() { | 63 | ssh_gssapi_server_mechanisms() { |
| 67 | gss_OID_set supported; | 64 | gss_OID_set supported; |
| @@ -71,19 +68,19 @@ ssh_gssapi_server_mechanisms() { | |||
| 71 | NULL)); | 68 | NULL)); |
| 72 | } | 69 | } |
| 73 | 70 | ||
| 74 | /* Unpriviledged */ | 71 | /* Unprivileged */ |
| 75 | int | 72 | int |
| 76 | ssh_gssapi_server_check_mech(gss_OID oid, void *data) { | 73 | ssh_gssapi_server_check_mech(gss_OID oid, void *data) { |
| 77 | Gssctxt * ctx = NULL; | 74 | Gssctxt * ctx = NULL; |
| 78 | int res; | 75 | int res; |
| 79 | 76 | ||
| 80 | res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid))); | 77 | res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid))); |
| 81 | ssh_gssapi_delete_ctx(&ctx); | 78 | ssh_gssapi_delete_ctx(&ctx); |
| 82 | 79 | ||
| 83 | return (res); | 80 | return (res); |
| 84 | } | 81 | } |
| 85 | 82 | ||
| 86 | /* Unpriviledged */ | 83 | /* Unprivileged */ |
| 87 | void | 84 | void |
| 88 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 85 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
| 89 | { | 86 | { |
| @@ -112,7 +109,7 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) | |||
| 112 | * oid | 109 | * oid |
| 113 | * credentials (from ssh_gssapi_acquire_cred) | 110 | * credentials (from ssh_gssapi_acquire_cred) |
| 114 | */ | 111 | */ |
| 115 | /* Priviledged */ | 112 | /* Privileged */ |
| 116 | OM_uint32 | 113 | OM_uint32 |
| 117 | ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, | 114 | ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, |
| 118 | gss_buffer_desc *send_tok, OM_uint32 *flags) | 115 | gss_buffer_desc *send_tok, OM_uint32 *flags) |
| @@ -160,14 +157,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 160 | OM_uint32 offset; | 157 | OM_uint32 offset; |
| 161 | OM_uint32 oidl; | 158 | OM_uint32 oidl; |
| 162 | 159 | ||
| 163 | tok=ename->value; | 160 | tok = ename->value; |
| 164 | 161 | ||
| 165 | /* | 162 | /* |
| 166 | * Check that ename is long enough for all of the fixed length | 163 | * Check that ename is long enough for all of the fixed length |
| 167 | * header, and that the initial ID bytes are correct | 164 | * header, and that the initial ID bytes are correct |
| 168 | */ | 165 | */ |
| 169 | 166 | ||
| 170 | if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0) | 167 | if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0) |
| 171 | return GSS_S_FAILURE; | 168 | return GSS_S_FAILURE; |
| 172 | 169 | ||
| 173 | /* | 170 | /* |
| @@ -186,7 +183,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 186 | */ | 183 | */ |
| 187 | if (tok[4] != 0x06 || tok[5] != oidl || | 184 | if (tok[4] != 0x06 || tok[5] != oidl || |
| 188 | ename->length < oidl+6 || | 185 | ename->length < oidl+6 || |
| 189 | !ssh_gssapi_check_oid(ctx,tok+6,oidl)) | 186 | !ssh_gssapi_check_oid(ctx, tok+6, oidl)) |
| 190 | return GSS_S_FAILURE; | 187 | return GSS_S_FAILURE; |
| 191 | 188 | ||
| 192 | offset = oidl+6; | 189 | offset = oidl+6; |
| @@ -201,7 +198,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 201 | return GSS_S_FAILURE; | 198 | return GSS_S_FAILURE; |
| 202 | 199 | ||
| 203 | name->value = xmalloc(name->length+1); | 200 | name->value = xmalloc(name->length+1); |
| 204 | memcpy(name->value,tok+offset,name->length); | 201 | memcpy(name->value, tok+offset,name->length); |
| 205 | ((char *)name->value)[name->length] = 0; | 202 | ((char *)name->value)[name->length] = 0; |
| 206 | 203 | ||
| 207 | return GSS_S_COMPLETE; | 204 | return GSS_S_COMPLETE; |
| @@ -210,7 +207,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
| 210 | /* Extract the client details from a given context. This can only reliably | 207 | /* Extract the client details from a given context. This can only reliably |
| 211 | * be called once for a context */ | 208 | * be called once for a context */ |
| 212 | 209 | ||
| 213 | /* Priviledged (called from accept_secure_ctx) */ | 210 | /* Privileged (called from accept_secure_ctx) */ |
| 214 | OM_uint32 | 211 | OM_uint32 |
| 215 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 212 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
| 216 | { | 213 | { |
| @@ -285,15 +282,14 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
| 285 | 282 | ||
| 286 | if (gssapi_client.store.envvar != NULL && | 283 | if (gssapi_client.store.envvar != NULL && |
| 287 | gssapi_client.store.envval != NULL) { | 284 | gssapi_client.store.envval != NULL) { |
| 288 | |||
| 289 | debug("Setting %s to %s", gssapi_client.store.envvar, | 285 | debug("Setting %s to %s", gssapi_client.store.envvar, |
| 290 | gssapi_client.store.envval); | 286 | gssapi_client.store.envval); |
| 291 | child_set_env(envp, envsizep, gssapi_client.store.envvar, | 287 | child_set_env(envp, envsizep, gssapi_client.store.envvar, |
| 292 | gssapi_client.store.envval); | 288 | gssapi_client.store.envval); |
| 293 | } | 289 | } |
| 294 | } | 290 | } |
| 295 | 291 | ||
| 296 | /* Priviledged */ | 292 | /* Privileged */ |
| 297 | int | 293 | int |
| 298 | ssh_gssapi_userok(char *user) | 294 | ssh_gssapi_userok(char *user) |
| 299 | { | 295 | { |