lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

auth: adapt libssh to gssapi-with-mic server

Browse Source 
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Aris Adamantiadis
2013-02-20 23:20:44 +01:00
committed by Andreas Schneider
parent 6bb5063046
commit 3b52e38a33
6 changed files with 70 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libssh/libssh.h
View File

@@ -164,6 +164,7 @@ enum ssh_auth_e {
#define SSH_AUTH_METHOD_PUBLICKEY 0x0004 #define SSH_AUTH_METHOD_PUBLICKEY 0x0004
#define SSH_AUTH_METHOD_HOSTBASED 0x0008 #define SSH_AUTH_METHOD_HOSTBASED 0x0008
#define SSH_AUTH_METHOD_INTERACTIVE 0x0010 #define SSH_AUTH_METHOD_INTERACTIVE 0x0010
#define SSH_AUTH_METHOD_GSSAPI_MIC 0x0020
/* messages */ /* messages */
enum ssh_requests_e { enum ssh_requests_e {

5
include/libssh/priv.h
View File

@@ -179,8 +179,9 @@ void _ssh_set_error_oom(void *error, const char *function);
void _ssh_set_error_invalid(void *error, const char *function); void _ssh_set_error_invalid(void *error, const char *function);
/* server.c */
int ssh_auth_reply_default(ssh_session session,int partial);
int ssh_auth_reply_success(ssh_session session, int partial);
/* client.c */ /* client.c */

2
include/libssh/server.h
View File

@@ -254,6 +254,8 @@ LIBSSH_API int ssh_handle_key_exchange(ssh_session session);
*/ */
LIBSSH_API void ssh_bind_free(ssh_bind ssh_bind_o); LIBSSH_API void ssh_bind_free(ssh_bind ssh_bind_o);
LIBSSH_API void ssh_set_auth_methods(ssh_session session, int auth_methods);
/********************************************************** /**********************************************************
* SERVER MESSAGING * SERVER MESSAGING
**********************************************************/ **********************************************************/

1
include/libssh/session.h
View File

@@ -143,6 +143,7 @@ struct ssh_session_struct {
/* keyb interactive data */ /* keyb interactive data */
struct ssh_kbdint_struct *kbdint; struct ssh_kbdint_struct *kbdint;
struct ssh_gssapi_struct *gssapi;
int version; /* 1 or 2 */ int version; /* 1 or 2 */
/* server host keys */ /* server host keys */
struct { struct {

53
src/messages.c
View File

@@ -44,6 +44,7 @@
#include "libssh/messages.h" #include "libssh/messages.h"
#ifdef WITH_SERVER #ifdef WITH_SERVER
#include "libssh/server.h" #include "libssh/server.h"
#include "libssh/gssapi.h"
#endif #endif
/** /**
@@ -740,6 +741,54 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
} }
goto end; goto end;
} }
if (strncmp(method, "gssapi-with-mic", method_size) == 0) {
uint32_t n_oid;
ssh_string *oids;
ssh_string oid;
char *hexa;
int i;
buffer_get_u32(packet, &n_oid);
n_oid=ntohl(n_oid);
if(n_oid > 100){
ssh_set_error(session, SSH_FATAL, "USERAUTH_REQUEST: gssapi-with-mic OID count too big (%d)",n_oid);
goto error;
}
ssh_log(session, SSH_LOG_PACKET, "gssapi: %d OIDs", n_oid);
oids = calloc(n_oid, sizeof(ssh_string));
if (oids == NULL){
ssh_set_error_oom(session);
goto error;
}
for (i=0;i<(int) n_oid;++i){
oid=buffer_get_ssh_string(packet);
if(oid == NULL){
for(i=i-1;i>=0;--i){
SAFE_FREE(oids[i]);
}
SAFE_FREE(oids);
ssh_set_error(session, SSH_LOG_PACKET, "USERAUTH_REQUEST: gssapi-with-mic missing OID");
goto error;
}
oids[i] = oid;
if(session->common.log_verbosity >= SSH_LOG_PACKET){
hexa = ssh_get_hexa(ssh_string_data(oid), ssh_string_len(oid));
ssh_log(session, SSH_LOG_PACKET,"gssapi: OID %d: %s",i, hexa);
SAFE_FREE(hexa);
}
}
ssh_gssapi_handle_userauth(session, msg->auth_request.username, n_oid, oids);
for(i=0;i<(int)n_oid;++i){
SAFE_FREE(oids[i]);
}
SAFE_FREE(oids);
/* bypass the message queue thing */
SAFE_FREE(service);
SAFE_FREE(method);
ssh_message_free(msg);
leave_function();
return SSH_PACKET_USED;
}
msg->auth_request.method = SSH_AUTH_METHOD_UNKNOWN; msg->auth_request.method = SSH_AUTH_METHOD_UNKNOWN;
SAFE_FREE(method); SAFE_FREE(method);
@@ -783,6 +832,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
ssh_message msg = NULL; ssh_message msg = NULL;
/* GSSAPI_TOKEN has same packed number. XXX fix this */
if (session->gssapi != NULL)
return ssh_packet_userauth_gssapi_token(session, type, packet, user);
enter_function(); enter_function();
(void)user; (void)user;

13
src/packet.c
View File

@@ -46,6 +46,7 @@
#include "libssh/pcap.h" #include "libssh/pcap.h"
#include "libssh/kex.h" #include "libssh/kex.h"
#include "libssh/auth.h" #include "libssh/auth.h"
#include "libssh/gssapi.h"
#define MACSIZE SHA_DIGEST_LEN #define MACSIZE SHA_DIGEST_LEN
@@ -83,11 +84,17 @@ static ssh_packet_callback default_packet_handlers[]= {
NULL,NULL,NULL,NULL,NULL,NULL, // 54-59 NULL,NULL,NULL,NULL,NULL,NULL, // 54-59
ssh_packet_userauth_pk_ok, // SSH2_MSG_USERAUTH_PK_OK 60 ssh_packet_userauth_pk_ok, // SSH2_MSG_USERAUTH_PK_OK 60
// SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 // SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60
// SSH2_MSG_USERAUTH_INFO_REQUEST 60 // SSH2_MSG_USERAUTH_INFO_REQUEST 60
ssh_packet_userauth_info_response, // SSH2_MSG_USERAUTH_INFO_RESPONSE 61 ssh_packet_userauth_info_response, // SSH2_MSG_USERAUTH_INFO_RESPONSE 61
// SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
NULL, // 62
NULL, // SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
ssh_packet_userauth_gssapi_mic, // SSH2_MSG_USERAUTH_GSSAPI_MIC 66
NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, // 67-79
NULL, NULL, NULL, NULL, // 62-79
#ifdef WITH_SERVER #ifdef WITH_SERVER
ssh_packet_global_request, // SSH2_MSG_GLOBAL_REQUEST 80 ssh_packet_global_request, // SSH2_MSG_GLOBAL_REQUEST 80
#else /* WITH_SERVER */ #else /* WITH_SERVER */