Diffstat (limited to 'gss-serv.c')
-rw-r--r--gss-serv.c34
1 files changed, 15 insertions, 19 deletions
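--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -29,20 +29,17 @@
 #ifdef GSSAPI
 
 #include "bufaux.h"
-#include "compat.h"
 #include "auth.h"
 #include "log.h"
 #include "channels.h"
 #include "session.h"
 #include "servconf.h"
-#include "monitor_wrap.h"
 #include "xmalloc.h"
 #include "getput.h"
+#include "monitor_wrap.h"
 
 #include "ssh-gss.h"
 
-extern ServerOptions options;
-
 static ssh_gssapi_client gssapi_client =
 	{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
 	GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
@@ -61,7 +58,7 @@ ssh_gssapi_mech* supported_mechs[]= {
 	&gssapi_null_mech,
 };
 
-/* Unpriviledged */
+/* Unprivileged */
 char *
 ssh_gssapi_server_mechanisms() {
 	gss_OID_set supported;
@@ -71,19 +68,19 @@ ssh_gssapi_server_mechanisms() {
 	    NULL));
 }
 
-/* Unpriviledged */
+/* Unprivileged */
 int
 ssh_gssapi_server_check_mech(gss_OID oid, void *data) {
 	Gssctxt * ctx = NULL;
 	int res;
 
 	res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid)));
 	ssh_gssapi_delete_ctx(&ctx);
 
 	return (res);
 }
 
-/* Unpriviledged */
+/* Unprivileged */
 void
 ssh_gssapi_supported_oids(gss_OID_set *oidset)
 {
@@ -112,7 +109,7 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
  * oid
  * credentials (from ssh_gssapi_acquire_cred)
  */
-/* Priviledged */
+/* Privileged */
 OM_uint32
 ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
     gss_buffer_desc *send_tok, OM_uint32 *flags)
@@ -160,14 +157,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
 	OM_uint32 offset;
 	OM_uint32 oidl;
 
-	tok=ename->value;
+	tok = ename->value;
 
 	/*
 	 * Check that ename is long enough for all of the fixed length
 	 * header, and that the initial ID bytes are correct
 	 */
 
-	if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0)
+	if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0)
 		return GSS_S_FAILURE;
 
 	/*
@@ -186,7 +183,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
 	 */
 	if (tok[4] != 0x06 || tok[5] != oidl ||
 	    ename->length < oidl+6 ||
-	    !ssh_gssapi_check_oid(ctx,tok+6,oidl))
+	    !ssh_gssapi_check_oid(ctx, tok+6, oidl))
 		return GSS_S_FAILURE;
 
 	offset = oidl+6;
@@ -201,7 +198,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
 		return GSS_S_FAILURE;
 
 	name->value = xmalloc(name->length+1);
-	memcpy(name->value,tok+offset,name->length);
+	memcpy(name->value, tok+offset,name->length);
 	((char *)name->value)[name->length] = 0;
 
 	return GSS_S_COMPLETE;
@@ -210,7 +207,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
 /* Extract the client details from a given context. This can only reliably
  * be called once for a context */
 
-/* Priviledged (called from accept_secure_ctx) */
+/* Privileged (called from accept_secure_ctx) */
 OM_uint32
 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
 {
@@ -285,15 +282,14 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
 
 	if (gssapi_client.store.envvar != NULL &&
 	    gssapi_client.store.envval != NULL) {
-
 		debug("Setting %s to %s", gssapi_client.store.envvar,
 		    gssapi_client.store.envval);
 		child_set_env(envp, envsizep, gssapi_client.store.envvar,
 		    gssapi_client.store.envval);
 	}
 }
 
-/* Priviledged */
+/* Privileged */
 int
 ssh_gssapi_userok(char *user)
 {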