Diffstat (limited to 'gss-serv.c')
-rw-r--r-- | gss-serv.c | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/gss-serv.c b/gss-serv.c index 117130459..26eec25bd 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
@@ -29,20 +29,16 @@ | |||
29 | #ifdef GSSAPI | 29 | #ifdef GSSAPI |
30 | 30 | ||
31 | #include "bufaux.h" | 31 | #include "bufaux.h" |
32 | #include "compat.h" | ||
33 | #include "auth.h" | 32 | #include "auth.h" |
34 | #include "log.h" | 33 | #include "log.h" |
35 | #include "channels.h" | 34 | #include "channels.h" |
36 | #include "session.h" | 35 | #include "session.h" |
37 | #include "servconf.h" | 36 | #include "servconf.h" |
38 | #include "monitor_wrap.h" | ||
39 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
40 | #include "getput.h" | 38 | #include "getput.h" |
41 | 39 | ||
42 | #include "ssh-gss.h" | 40 | #include "ssh-gss.h" |
43 | 41 | ||
44 | extern ServerOptions options; | ||
45 | |||
46 | static ssh_gssapi_client gssapi_client = | 42 | static ssh_gssapi_client gssapi_client = |
47 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 43 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
48 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; | 44 | GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; |
@@ -61,7 +57,7 @@ ssh_gssapi_mech* supported_mechs[]= { | |||
61 | &gssapi_null_mech, | 57 | &gssapi_null_mech, |
62 | }; | 58 | }; |
63 | 59 | ||
64 | /* Unpriviledged */ | 60 | /* Unprivileged */ |
65 | void | 61 | void |
66 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 62 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
67 | { | 63 | { |
@@ -90,7 +86,7 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) | |||
90 | * oid | 86 | * oid |
91 | * credentials (from ssh_gssapi_acquire_cred) | 87 | * credentials (from ssh_gssapi_acquire_cred) |
92 | */ | 88 | */ |
93 | /* Priviledged */ | 89 | /* Privileged */ |
94 | OM_uint32 | 90 | OM_uint32 |
95 | ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, | 91 | ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, |
96 | gss_buffer_desc *send_tok, OM_uint32 *flags) | 92 | gss_buffer_desc *send_tok, OM_uint32 *flags) |
@@ -138,14 +134,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
138 | OM_uint32 offset; | 134 | OM_uint32 offset; |
139 | OM_uint32 oidl; | 135 | OM_uint32 oidl; |
140 | 136 | ||
141 | tok=ename->value; | 137 | tok = ename->value; |
142 | 138 | ||
143 | /* | 139 | /* |
144 | * Check that ename is long enough for all of the fixed length | 140 | * Check that ename is long enough for all of the fixed length |
145 | * header, and that the initial ID bytes are correct | 141 | * header, and that the initial ID bytes are correct |
146 | */ | 142 | */ |
147 | 143 | ||
148 | if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0) | 144 | if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0) |
149 | return GSS_S_FAILURE; | 145 | return GSS_S_FAILURE; |
150 | 146 | ||
151 | /* | 147 | /* |
@@ -164,7 +160,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
164 | */ | 160 | */ |
165 | if (tok[4] != 0x06 || tok[5] != oidl || | 161 | if (tok[4] != 0x06 || tok[5] != oidl || |
166 | ename->length < oidl+6 || | 162 | ename->length < oidl+6 || |
167 | !ssh_gssapi_check_oid(ctx,tok+6,oidl)) | 163 | !ssh_gssapi_check_oid(ctx, tok+6, oidl)) |
168 | return GSS_S_FAILURE; | 164 | return GSS_S_FAILURE; |
169 | 165 | ||
170 | offset = oidl+6; | 166 | offset = oidl+6; |
@@ -179,7 +175,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
179 | return GSS_S_FAILURE; | 175 | return GSS_S_FAILURE; |
180 | 176 | ||
181 | name->value = xmalloc(name->length+1); | 177 | name->value = xmalloc(name->length+1); |
182 | memcpy(name->value,tok+offset,name->length); | 178 | memcpy(name->value, tok+offset,name->length); |
183 | ((char *)name->value)[name->length] = 0; | 179 | ((char *)name->value)[name->length] = 0; |
184 | 180 | ||
185 | return GSS_S_COMPLETE; | 181 | return GSS_S_COMPLETE; |
@@ -188,7 +184,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) | |||
188 | /* Extract the client details from a given context. This can only reliably | 184 | /* Extract the client details from a given context. This can only reliably |
189 | * be called once for a context */ | 185 | * be called once for a context */ |
190 | 186 | ||
191 | /* Priviledged (called from accept_secure_ctx) */ | 187 | /* Privileged (called from accept_secure_ctx) */ |
192 | OM_uint32 | 188 | OM_uint32 |
193 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 189 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
194 | { | 190 | { |
@@ -263,15 +259,14 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | |||
263 | 259 | ||
264 | if (gssapi_client.store.envvar != NULL && | 260 | if (gssapi_client.store.envvar != NULL && |
265 | gssapi_client.store.envval != NULL) { | 261 | gssapi_client.store.envval != NULL) { |
266 | |||
267 | debug("Setting %s to %s", gssapi_client.store.envvar, | 262 | debug("Setting %s to %s", gssapi_client.store.envvar, |
268 | gssapi_client.store.envval); | 263 | gssapi_client.store.envval); |
269 | child_set_env(envp, envsizep, gssapi_client.store.envvar, | 264 | child_set_env(envp, envsizep, gssapi_client.store.envvar, |
270 | gssapi_client.store.envval); | 265 | gssapi_client.store.envval); |
271 | } | 266 | } |
272 | } | 267 | } |
273 | 268 | ||
274 | /* Priviledged */ | 269 | /* Privileged */ |
275 | int | 270 | int |
276 | ssh_gssapi_userok(char *user) | 271 | ssh_gssapi_userok(char *user) |
277 | { | 272 | { |
@@ -298,7 +293,7 @@ ssh_gssapi_userok(char *user) | |||
298 | return (0); | 293 | return (0); |
299 | } | 294 | } |
300 | 295 | ||
301 | /* Priviledged */ | 296 | /* Privileged */ |
302 | OM_uint32 | 297 | OM_uint32 |
303 | ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | 298 | ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) |
304 | { | 299 | { |
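Review bot: The spacing cleanup is incomplete on the new `memcpy` line in ssh_gssapi_parse_ename, which still reads `memcpy(name->value, tok+offset,name->length);`. Writing it as `memcpy(name->value, tok+offset, name->length);` would match the other calls this commit normalizes. Separately, this copy and the `xmalloc(name->length+1)` before it depend on a length check that sits above the hunk, with only its `return GSS_S_FAILURE;` visible. Since `name->length` appears to come from the parsed exported name, it is worth confirming that `offset + name->length` and `name->length+1` cannot wrap before they are used. A short comment beside that check stating the invariant would help; something like `/* offset + name->length must not exceed ename->length (and must not overflow) */`.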