gssapi: Add suppport to set GSSAPI server identity.

include/libssh/libssh.h

@@ -331,7 +331,8 @@ enum ssh_options_e {
   SSH_OPTIONS_COMPRESSION,
   SSH_OPTIONS_COMPRESSION_LEVEL,
   SSH_OPTIONS_KEY_EXCHANGE,
-  SSH_OPTIONS_HOSTKEYS
+  SSH_OPTIONS_HOSTKEYS,
+  SSH_OPTIONS_GSSAPI_SERVER_IDENTITY
 };
 
 enum {

include/libssh/session.h

@@ -183,6 +183,7 @@ struct ssh_session_struct {
         int ssh2;
         int ssh1;
         char compressionlevel;
+        char *gss_server_identity;
     } opts;
 };
 

src/gssapi.c

@@ -672,12 +672,17 @@ int ssh_gssapi_auth_mic(ssh_session session){
     OM_uint32 maj_stat, min_stat;
     char name_buf[256];
     gss_buffer_desc hostname;
+    const char *gss_host = session->opts.host;
 
     if (ssh_gssapi_init(session) == SSH_ERROR)
         return SSH_AUTH_ERROR;
 
+    if (session->opts.gss_server_identity != NULL) {
+        gss_host = session->opts.gss_server_identity;
+    }
     /* import target host name */
-    snprintf(name_buf, sizeof(name_buf), "host@%s", session->opts.host);
+    snprintf(name_buf, sizeof(name_buf), "host@%s", gss_host);
+
     hostname.value = name_buf;
     hostname.length = strlen(name_buf) + 1;
     maj_stat = gss_import_name(&min_stat, &hostname,

src/options.c

@@ -367,6 +367,10 @@ int ssh_options_set_algo(ssh_session session, int algo,
  *                Set the command to be executed in order to connect to
  *                server (const char *).
  *
+ *              - SSH_OPTIONS_GSSAPI_SERVER_IDENTITY
+ *                Set it to specify the GSSAPI server identity that libssh
+ *                should expect when connecting to the server (const char *).
+ *
  * @param  value The value to set. This is a generic pointer and the
  *               datatype which is used should be set according to the
  *               type set.
@@ -792,6 +796,20 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 }
             }
             break;
+        case SSH_OPTIONS_GSSAPI_SERVER_IDENTITY:
+            v = value;
+            if (v == NULL || v[0] == '\0') {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                SAFE_FREE(session->opts.gss_server_identity);
+                session->opts.gss_server_identity = strdup(v);
+                if (session->opts.gss_server_identity == NULL) {
+                    ssh_set_error_oom(session);
+                    return -1;
+                }
+            }
+            break;
         default:
             ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
             return -1;

src/session.c

@@ -265,6 +265,7 @@ void ssh_free(ssh_session session) {
   SAFE_FREE(session->opts.sshdir);
   SAFE_FREE(session->opts.knownhosts);
   SAFE_FREE(session->opts.ProxyCommand);
+  SAFE_FREE(session->opts.gss_server_identity);
 
   for (i = 0; i < 10; i++) {
       if (session->opts.wanted_methods[i]) {