gssapi: Print minor stat in error logging function
This also releases the memory allocated for the messages. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
108
src/gssapi.c
108
src/gssapi.c
@@ -129,11 +129,53 @@ static int ssh_gssapi_send_response(ssh_session session, ssh_string oid){
|
|||||||
|
|
||||||
#endif /* WITH_SERVER */
|
#endif /* WITH_SERVER */
|
||||||
|
|
||||||
static void ssh_gssapi_log_error(int verb, const char *msg, int maj_stat){
|
static void ssh_gssapi_log_error(int verb,
|
||||||
gss_buffer_desc buffer;
|
const char *msg,
|
||||||
OM_uint32 dummy, message_context;
|
int maj_stat,
|
||||||
gss_display_status(&dummy,maj_stat,GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buffer);
|
int min_stat)
|
||||||
SSH_LOG(verb, "GSSAPI(%s): %s", msg, (const char *)buffer.value);
|
{
|
||||||
|
gss_buffer_desc msg_maj = {
|
||||||
|
.length = 0,
|
||||||
|
};
|
||||||
|
gss_buffer_desc msg_min = {
|
||||||
|
.length = 0,
|
||||||
|
};
|
||||||
|
OM_uint32 dummy_maj, dummy_min;
|
||||||
|
OM_uint32 message_context = 0;
|
||||||
|
|
||||||
|
dummy_maj = gss_display_status(&dummy_min,
|
||||||
|
maj_stat,
|
||||||
|
GSS_C_GSS_CODE,
|
||||||
|
GSS_C_NO_OID,
|
||||||
|
&message_context,
|
||||||
|
&msg_maj);
|
||||||
|
if (dummy_maj != 0) {
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
dummy_maj = gss_display_status(&dummy_min,
|
||||||
|
min_stat,
|
||||||
|
GSS_C_MECH_CODE,
|
||||||
|
GSS_C_NO_OID,
|
||||||
|
&message_context,
|
||||||
|
&msg_min);
|
||||||
|
if (dummy_maj != 0) {
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
SSH_LOG(verb,
|
||||||
|
"GSSAPI(%s): %s - %s",
|
||||||
|
msg,
|
||||||
|
(const char *)msg_maj.value,
|
||||||
|
(const char *)msg_min.value);
|
||||||
|
|
||||||
|
out:
|
||||||
|
if (msg_maj.value) {
|
||||||
|
dummy_maj = gss_release_buffer(&dummy_min, &msg_maj);
|
||||||
|
}
|
||||||
|
if (msg_min.value) {
|
||||||
|
dummy_maj = gss_release_buffer(&dummy_min, &msg_min);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_SERVER
|
#ifdef WITH_SERVER
|
||||||
@@ -212,7 +254,10 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n
|
|||||||
(gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &server_name);
|
(gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &server_name);
|
||||||
if (maj_stat != GSS_S_COMPLETE) {
|
if (maj_stat != GSS_S_COMPLETE) {
|
||||||
SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
|
SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
|
||||||
ssh_gssapi_log_error(SSH_LOG_WARNING, "importing name", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_WARNING,
|
||||||
|
"importing name",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -224,7 +269,10 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n
|
|||||||
|
|
||||||
if (maj_stat != GSS_S_COMPLETE) {
|
if (maj_stat != GSS_S_COMPLETE) {
|
||||||
SSH_LOG(SSH_LOG_WARNING, "error acquiring credentials %d, %d", maj_stat, min_stat);
|
SSH_LOG(SSH_LOG_WARNING, "error acquiring credentials %d, %d", maj_stat, min_stat);
|
||||||
ssh_gssapi_log_error(SSH_LOG_WARNING, "acquiring creds", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_WARNING,
|
||||||
|
"acquiring creds",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
ssh_auth_reply_default(session,0);
|
ssh_auth_reply_default(session,0);
|
||||||
return SSH_ERROR;
|
return SSH_ERROR;
|
||||||
}
|
}
|
||||||
@@ -266,7 +314,10 @@ static char *ssh_gssapi_name_to_char(gss_name_t name){
|
|||||||
OM_uint32 maj_stat, min_stat;
|
OM_uint32 maj_stat, min_stat;
|
||||||
char *ptr;
|
char *ptr;
|
||||||
maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
|
maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
|
||||||
ssh_gssapi_log_error(SSH_LOG_WARNING, "converting name", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_WARNING,
|
||||||
|
"converting name",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
ptr=malloc(buffer.length + 1);
|
ptr=malloc(buffer.length + 1);
|
||||||
memcpy(ptr, buffer.value, buffer.length);
|
memcpy(ptr, buffer.value, buffer.length);
|
||||||
ptr[buffer.length] = '\0';
|
ptr[buffer.length] = '\0';
|
||||||
@@ -335,14 +386,20 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
|
|||||||
maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds,
|
maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds,
|
||||||
&input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags,
|
&input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags,
|
||||||
NULL /*time*/, &session->gssapi->client_creds);
|
NULL /*time*/, &session->gssapi->client_creds);
|
||||||
ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "accepting token", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
|
||||||
|
"accepting token",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
ssh_string_free(token);
|
ssh_string_free(token);
|
||||||
if (client_name != GSS_C_NO_NAME){
|
if (client_name != GSS_C_NO_NAME){
|
||||||
session->gssapi->client_name = client_name;
|
session->gssapi->client_name = client_name;
|
||||||
session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name);
|
session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name);
|
||||||
}
|
}
|
||||||
if (GSS_ERROR(maj_stat)){
|
if (GSS_ERROR(maj_stat)){
|
||||||
ssh_gssapi_log_error(SSH_LOG_WARNING, "Gssapi error", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_WARNING,
|
||||||
|
"Gssapi error",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
ssh_auth_reply_default(session,0);
|
ssh_auth_reply_default(session,0);
|
||||||
ssh_gssapi_free(session);
|
ssh_gssapi_free(session);
|
||||||
session->gssapi=NULL;
|
session->gssapi=NULL;
|
||||||
@@ -439,8 +496,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
|
|||||||
mic_token_buf.value = ssh_string_data(mic_token);
|
mic_token_buf.value = ssh_string_data(mic_token);
|
||||||
|
|
||||||
maj_stat = gss_verify_mic(&min_stat, session->gssapi->ctx, &mic_buf, &mic_token_buf, NULL);
|
maj_stat = gss_verify_mic(&min_stat, session->gssapi->ctx, &mic_buf, &mic_token_buf, NULL);
|
||||||
ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "verifying MIC", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
|
||||||
ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "verifying MIC (min stat)", min_stat);
|
"verifying MIC",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
if (maj_stat == GSS_S_DEFECTIVE_TOKEN || GSS_ERROR(maj_stat)) {
|
if (maj_stat == GSS_S_DEFECTIVE_TOKEN || GSS_ERROR(maj_stat)) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
@@ -653,7 +712,10 @@ int ssh_gssapi_auth_mic(ssh_session session){
|
|||||||
&session->gssapi->client.server_name);
|
&session->gssapi->client.server_name);
|
||||||
if (maj_stat != GSS_S_COMPLETE) {
|
if (maj_stat != GSS_S_COMPLETE) {
|
||||||
SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
|
SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
|
||||||
ssh_gssapi_log_error(SSH_LOG_WARNING, "importing name", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_WARNING,
|
||||||
|
"importing name",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
return SSH_PACKET_USED;
|
return SSH_PACKET_USED;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -759,7 +821,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
|
|||||||
0, NULL, &input_token, NULL,
|
0, NULL, &input_token, NULL,
|
||||||
&output_token, NULL, NULL);
|
&output_token, NULL, NULL);
|
||||||
if(GSS_ERROR(maj_stat)){
|
if(GSS_ERROR(maj_stat)){
|
||||||
ssh_gssapi_log_error(SSH_LOG_WARNING, "Initializing gssapi context", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_WARNING,
|
||||||
|
"Initializing gssapi context",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
return SSH_PACKET_USED;
|
return SSH_PACKET_USED;
|
||||||
}
|
}
|
||||||
if (output_token.length != 0){
|
if (output_token.length != 0){
|
||||||
@@ -797,7 +862,10 @@ static int ssh_gssapi_send_mic(ssh_session session){
|
|||||||
maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, &mic_buf, &mic_token_buf);
|
maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, &mic_buf, &mic_token_buf);
|
||||||
if (GSS_ERROR(maj_stat)){
|
if (GSS_ERROR(maj_stat)){
|
||||||
ssh_buffer_free(mic_buffer);
|
ssh_buffer_free(mic_buffer);
|
||||||
ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "generating MIC", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
|
||||||
|
"generating MIC",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
return SSH_ERROR;
|
return SSH_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -848,10 +916,16 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
|
|||||||
0, NULL, &input_token, NULL,
|
0, NULL, &input_token, NULL,
|
||||||
&output_token, NULL, NULL);
|
&output_token, NULL, NULL);
|
||||||
|
|
||||||
ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "accepting token", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
|
||||||
|
"accepting token",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
ssh_string_free(token);
|
ssh_string_free(token);
|
||||||
if (GSS_ERROR(maj_stat)){
|
if (GSS_ERROR(maj_stat)){
|
||||||
ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "Gssapi error", maj_stat);
|
ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
|
||||||
|
"Gssapi error",
|
||||||
|
maj_stat,
|
||||||
|
min_stat);
|
||||||
ssh_gssapi_free(session);
|
ssh_gssapi_free(session);
|
||||||
session->gssapi=NULL;
|
session->gssapi=NULL;
|
||||||
return SSH_PACKET_USED;
|
return SSH_PACKET_USED;
|
||||||
|
|||||||
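Review bot: In the rewritten `ssh_gssapi_log_error` (first hunk), the `SSH_LOG` call still prints `msg_maj.value` and `msg_min.value` with `%s`, but a `gss_buffer_desc` carries an explicit `length` and the API does not promise a terminating NUL, so the logging path can read past the buffer. Bounding the read is safer: use `"GSSAPI(%s): %.*s - %.*s"` and pass `(int)msg_maj.length` and `(int)msg_min.length` ahead of the respective pointers. `message_context` is also carried over from the `GSS_C_GSS_CODE` lookup into the `GSS_C_MECH_CODE` lookup, so I would add `message_context = 0;` before the second `gss_display_status` call. When either lookup fails the function jumps to `out:` without logging anything; in the visible hunks the "accepting token" and "verifying MIC" call sites have no separate numeric log, so a fallback line printing `maj_stat` and `min_stat` as numbers would keep those authentication failures visible to whoever reads the log.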