[sshconnect2.c]
     cleanup and minor fixes for the client code; from Simon Wilkinson
Damien Miller 2003-11-17 21:20:18 +11:00
parent fe44847cb8
commit 91c6aa4468
2 changed files with 40 additions and 45 deletions


@ -37,6 +37,9 @@
- jmc@cvs.openbsd.org 2003/11/12 20:14:51 - jmc@cvs.openbsd.org 2003/11/12 20:14:51
[ssh_config.5] [ssh_config.5]
make verb agree with subject, and kill some whitespace; make verb agree with subject, and kill some whitespace;
- markus@cvs.openbsd.org 2003/11/14 13:19:09
[sshconnect2.c]
cleanup and minor fixes for the client code; from Simon Wilkinson
20031115 20031115
- (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@ -1457,4 +1460,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3107 2003/11/17 10:19:49 djm Exp $ $Id: ChangeLog,v 1.3108 2003/11/17 10:20:18 djm Exp $


@ -23,7 +23,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.129 2003/11/02 11:01:03 markus Exp $"); RCSID("$OpenBSD: sshconnect2.c,v 1.130 2003/11/14 13:19:09 markus Exp $");
#include "openbsd-compat/sys-queue.h" #include "openbsd-compat/sys-queue.h"
@ -537,15 +537,44 @@ userauth_gssapi(Authctxt *authctxt)
return 1; return 1;
} }
static OM_uint32
process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt = authctxt->methoddata;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
OM_uint32 status, ms;
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
recv_tok, &send_tok, NULL);
if (send_tok.length > 0) {
if (GSS_ERROR(status))
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
else
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
gss_release_buffer(&ms, &send_tok);
}
if (status == GSS_S_COMPLETE) {
/* If that succeeded, send a exchange complete message */
packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
packet_send();
}
return status;
}
void void
input_gssapi_response(int type, u_int32_t plen, void *ctxt) input_gssapi_response(int type, u_int32_t plen, void *ctxt)
{ {
Authctxt *authctxt = ctxt; Authctxt *authctxt = ctxt;
Gssctxt *gssctxt; Gssctxt *gssctxt;
OM_uint32 status, ms;
int oidlen; int oidlen;
char *oidv; char *oidv;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
if (authctxt == NULL) if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context"); fatal("input_gssapi_response: no authentication context");
@ -557,9 +586,9 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
if (oidlen <= 2 || if (oidlen <= 2 ||
oidv[0] != SSH_GSS_OIDTYPE || oidv[0] != SSH_GSS_OIDTYPE ||
oidv[1] != oidlen - 2) { oidv[1] != oidlen - 2) {
xfree(oidv);
debug("Badly encoded mechanism OID received"); debug("Badly encoded mechanism OID received");
userauth(authctxt, NULL); userauth(authctxt, NULL);
xfree(oidv);
return; return;
} }
@ -570,76 +599,39 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
xfree(oidv); xfree(oidv);
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
GSS_C_NO_BUFFER, &send_tok, NULL);
if (GSS_ERROR(status)) {
if (send_tok.length > 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
gss_release_buffer(&ms, &send_tok);
}
/* Start again with next method on list */ /* Start again with next method on list */
debug("Trying to start again"); debug("Trying to start again");
userauth(authctxt, NULL); userauth(authctxt, NULL);
return; return;
} }
/* We must have data to send */
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
gss_release_buffer(&ms, &send_tok);
} }
void void
input_gssapi_token(int type, u_int32_t plen, void *ctxt) input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{ {
Authctxt *authctxt = ctxt; Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok; gss_buffer_desc recv_tok;
OM_uint32 status, ms; OM_uint32 status;
u_int slen; u_int slen;
if (authctxt == NULL) if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context"); fatal("input_gssapi_response: no authentication context");
gssctxt = authctxt->methoddata;
recv_tok.value = packet_get_string(&slen); recv_tok.value = packet_get_string(&slen);
recv_tok.length = slen; /* safe typecast */ recv_tok.length = slen; /* safe typecast */
packet_check_eom(); packet_check_eom();
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, status = process_gssapi_token(ctxt, &recv_tok);
&recv_tok, &send_tok, NULL);
xfree(recv_tok.value); xfree(recv_tok.value);
if (GSS_ERROR(status)) { if (GSS_ERROR(status)) {
if (send_tok.length > 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
gss_release_buffer(&ms, &send_tok);
}
/* Start again with the next method in the list */ /* Start again with the next method in the list */
userauth(authctxt, NULL); userauth(authctxt, NULL);
return; return;
} }
if (send_tok.length > 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
gss_release_buffer(&ms, &send_tok);
}
if (status == GSS_S_COMPLETE) {
/* If that succeeded, send a exchange complete message */
packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
packet_send();
}
} }
void void
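Review bot: In the new `process_gssapi_token`, `authctxt->methoddata` is taken as the `Gssctxt` and passed to `ssh_gssapi_init_ctx` (defined outside this page) without a check, and `input_gssapi_token` reaches the helper on a packet that arrives from the server. Where `methoddata` is assigned and cleared is not visible here, so whether it can be NULL at that point is unconfirmed; since the helper is now the single entry to the GSSAPI exchange, a guard such as `if (gssctxt == NULL) fatal("process_gssapi_token: no GSSAPI context");` before the init call would make the assumption explicit. The helper also deserves a header comment stating that it sends a TOKEN or ERRTOK packet only when the mechanism produced output, sends EXCHANGE_COMPLETE on `GSS_S_COMPLETE`, and returns the GSS major status, because the removed code in `input_gssapi_response` sent a token unconditionally and never sent EXCHANGE_COMPLETE. Separately, the `fatal()` text in `input_gssapi_token` still names `input_gssapi_response`, which will mislead anyone reading the client log.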