diff options
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 36 |
1 files changed, 29 insertions, 7 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 388a25741..f6368aadd 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.131 2003/11/17 09:45:39 djm Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.132 2003/11/17 11:06:07 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include "openbsd-compat/sys-queue.h" | 28 | #include "openbsd-compat/sys-queue.h" |
| 29 | 29 | ||
| @@ -222,7 +222,7 @@ static char *authmethods_get(void); | |||
| 222 | 222 | ||
| 223 | Authmethod authmethods[] = { | 223 | Authmethod authmethods[] = { |
| 224 | #ifdef GSSAPI | 224 | #ifdef GSSAPI |
| 225 | {"gssapi", | 225 | {"gssapi-with-mic", |
| 226 | userauth_gssapi, | 226 | userauth_gssapi, |
| 227 | &options.gss_authentication, | 227 | &options.gss_authentication, |
| 228 | NULL}, | 228 | NULL}, |
| @@ -543,10 +543,12 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) | |||
| 543 | Authctxt *authctxt = ctxt; | 543 | Authctxt *authctxt = ctxt; |
| 544 | Gssctxt *gssctxt = authctxt->methoddata; | 544 | Gssctxt *gssctxt = authctxt->methoddata; |
| 545 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 545 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
| 546 | OM_uint32 status, ms; | 546 | gss_buffer_desc gssbuf, mic; |
| 547 | OM_uint32 status, ms, flags; | ||
| 548 | Buffer b; | ||
| 547 | 549 | ||
| 548 | status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, | 550 | status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, |
| 549 | recv_tok, &send_tok, NULL); | 551 | recv_tok, &send_tok, &flags); |
| 550 | 552 | ||
| 551 | if (send_tok.length > 0) { | 553 | if (send_tok.length > 0) { |
| 552 | if (GSS_ERROR(status)) | 554 | if (GSS_ERROR(status)) |
| @@ -560,9 +562,29 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) | |||
| 560 | } | 562 | } |
| 561 | 563 | ||
| 562 | if (status == GSS_S_COMPLETE) { | 564 | if (status == GSS_S_COMPLETE) { |
| 563 | /* If that succeeded, send a exchange complete message */ | 565 | /* send either complete or MIC, depending on mechanism */ |
| 564 | packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); | 566 | if (!(flags & GSS_C_INTEG_FLAG)) { |
| 565 | packet_send(); | 567 | packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); |
| 568 | packet_send(); | ||
| 569 | } else { | ||
| 570 | ssh_gssapi_buildmic(&b, authctxt->server_user, | ||
| 571 | authctxt->service, "gssapi-with-mic"); | ||
| 572 | |||
| 573 | gssbuf.value = buffer_ptr(&b); | ||
| 574 | gssbuf.length = buffer_len(&b); | ||
| 575 | |||
| 576 | status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); | ||
| 577 | |||
| 578 | if (!GSS_ERROR(status)) { | ||
| 579 | packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); | ||
| 580 | packet_put_string(mic.value, mic.length); | ||
| 581 | |||
| 582 | packet_send(); | ||
| 583 | } | ||
| 584 | |||
| 585 | buffer_free(&b); | ||
| 586 | gss_release_buffer(&ms, &mic); | ||
| 587 | } | ||
| 566 | } | 588 | } |
| 567 | 589 | ||
| 568 | return status; | 590 | return status; |