From 8f6d0ed60eb0d790564a5f47ba63c9bc3c734058 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Tue, 12 Jun 2007 23:40:39 +1000
Subject:    - djm@cvs.openbsd.org 2007/06/12 08:20:00      [ssh-gss.h
 gss-serv.c gss-genr.c]      relocate server-only GSSAPI code from libssh to
 server; bz #1225      patch from simon AT sxw.org.uk; ok markus@ dtucker@

---
 gss-genr.c | 45 +--------------------------------------------
 1 file changed, 1 insertion(+), 44 deletions(-)

(limited to 'gss-genr.c')

diff --git a/gss-genr.c b/gss-genr.c
index 57f12a2dc..d2b718e7a 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-genr.c,v 1.17 2006/08/29 12:02:30 dtucker Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.18 2007/06/12 08:20:00 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
@@ -226,39 +226,6 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
 	return (ctx->major);
 }
 
-/* Acquire credentials for a server running on the current host.
- * Requires that the context structure contains a valid OID
- */
-
-/* Returns a GSSAPI error code */
-OM_uint32
-ssh_gssapi_acquire_cred(Gssctxt *ctx)
-{
-	OM_uint32 status;
-	char lname[MAXHOSTNAMELEN];
-	gss_OID_set oidset;
-
-	gss_create_empty_oid_set(&status, &oidset);
-	gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
-	if (gethostname(lname, MAXHOSTNAMELEN)) {
-		gss_release_oid_set(&status, &oidset);
-		return (-1);
-	}
-
-	if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-		gss_release_oid_set(&status, &oidset);
-		return (ctx->major);
-	}
-
-	if ((ctx->major = gss_acquire_cred(&ctx->minor,
-	    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-		ssh_gssapi_error(ctx);
-
-	gss_release_oid_set(&status, &oidset);
-	return (ctx->major);
-}
-
 OM_uint32
 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
 {
@@ -281,16 +248,6 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
 	buffer_put_cstring(b, context);
 }
 
-OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
-{
-	if (*ctx)
-		ssh_gssapi_delete_ctx(ctx);
-	ssh_gssapi_build_ctx(ctx);
-	ssh_gssapi_set_oid(*ctx, oid);
-	return (ssh_gssapi_acquire_cred(*ctx));
-}
-
 int
 ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
 {
-- 
cgit v1.2.3


From b1e128f75a46a81023482ed00e8e7989f5a95215 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Tue, 12 Jun 2007 23:44:36 +1000
Subject:    - dtucker@cvs.openbsd.org 2007/06/12 11:56:15      [gss-genr.c]   
   Pass GSS OID to gss_display_status to provide better information in     
 error messages.  Patch from Simon Wilkinson via bz 1220.  ok djm@

---
 ChangeLog  | 6 +++++-
 gss-genr.c | 8 ++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

(limited to 'gss-genr.c')

diff --git a/ChangeLog b/ChangeLog
index 1ad2b3573..f2984f406 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,10 @@
      [ssh.c]
      improved exit message from multiplex slave sessions; bz #1262
      reported by alexandre.nunes AT gmail.com; ok dtucker@
+   - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
+     [gss-genr.c]
+     Pass GSS OID to gss_display_status to provide better information in
+     error messages.  Patch from Simon Wilkinson via bz 1220.  ok djm@
 
 20070611
  - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
@@ -3047,4 +3051,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4695 2007/06/12 13:44:10 dtucker Exp $
+$Id: ChangeLog,v 1.4696 2007/06/12 13:44:36 dtucker Exp $
diff --git a/gss-genr.c b/gss-genr.c
index d2b718e7a..e9190575d 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: gss-genr.c,v 1.18 2007/06/12 08:20:00 djm Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.19 2007/06/12 11:56:15 dtucker Exp $ */
 
 /*
- * Copyright (c) 2001-2006 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -107,7 +107,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
 	/* The GSSAPI error */
 	do {
 		gss_display_status(&lmin, ctxt->major,
-		    GSS_C_GSS_CODE, GSS_C_NULL_OID, &ctx, &msg);
+		    GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
 
 		buffer_append(&b, msg.value, msg.length);
 		buffer_put_char(&b, '\n');
@@ -118,7 +118,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
 	/* The mechanism specific error */
 	do {
 		gss_display_status(&lmin, ctxt->minor,
-		    GSS_C_MECH_CODE, GSS_C_NULL_OID, &ctx, &msg);
+		    GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
 
 		buffer_append(&b, msg.value, msg.length);
 		buffer_put_char(&b, '\n');
-- 
cgit v1.2.3