lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

auth: store client's credentials

Browse Source 
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Aris Adamantiadis
2013-03-04 00:55:43 +01:00
committed by Andreas Schneider
parent 7cb6b15aaa
commit d944310412
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/gssapi.c
View File

@@ -45,13 +45,13 @@ struct ssh_gssapi_struct{
enum ssh_gssapi_state_e state; /* current state */ enum ssh_gssapi_state_e state; /* current state */
struct gss_OID_desc_struct mech; /* mechanism being elected for auth */ struct gss_OID_desc_struct mech; /* mechanism being elected for auth */
gss_cred_id_t server_creds; /* credentials of server */ gss_cred_id_t server_creds; /* credentials of server */
gss_cred_id_t client_creds; /* creds of the client */
gss_ctx_id_t ctx; /* the authentication context */ gss_ctx_id_t ctx; /* the authentication context */
gss_name_t client_name; /* Identity of the client */ gss_name_t client_name; /* Identity of the client */
char *user; /* username of client */ char *user; /* username of client */
char *canonic_user; /* canonic form of the client's username */ char *canonic_user; /* canonic form of the client's username */
char *service; /* name of the service */ char *service; /* name of the service */
struct { struct {
gss_cred_id_t client_creds; /* creds of the client */
gss_name_t server_name; /* identity of server */ gss_name_t server_name; /* identity of server */
gss_OID oid; /* mech being used for authentication */ gss_OID oid; /* mech being used for authentication */
} client; } client;
@@ -71,6 +71,7 @@ static int ssh_gssapi_init(ssh_session session){
} }
ZERO_STRUCTP(session->gssapi); ZERO_STRUCTP(session->gssapi);
session->gssapi->server_creds = GSS_C_NO_CREDENTIAL; session->gssapi->server_creds = GSS_C_NO_CREDENTIAL;
session->gssapi->client_creds = GSS_C_NO_CREDENTIAL;
session->gssapi->ctx = GSS_C_NO_CONTEXT; session->gssapi->ctx = GSS_C_NO_CONTEXT;
session->gssapi->state = SSH_GSSAPI_STATE_NONE; session->gssapi->state = SSH_GSSAPI_STATE_NONE;
return SSH_OK; return SSH_OK;
@@ -278,7 +279,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds, maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds,
&input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags, &input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags,
NULL /*time*/, &deleg_cred); NULL /*time*/, &session->gssapi->client_creds);
ssh_gssapi_log_error(session, 0, "accepting token", maj_stat); ssh_gssapi_log_error(session, 0, "accepting token", maj_stat);
ssh_string_free(token); ssh_string_free(token);
if (client_name != GSS_C_NO_NAME){ if (client_name != GSS_C_NO_NAME){
@@ -392,7 +393,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic){
} }
} }
ssh_gssapi_free(session); //ssh_gssapi_free(session);
return SSH_PACKET_USED; return SSH_PACKET_USED;
error: error:
@@ -654,7 +655,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
gss_add_oid_set_member(&min_stat, oid, &tmp); gss_add_oid_set_member(&min_stat, oid, &tmp);
maj_stat = gss_acquire_cred(&min_stat, session->gssapi->client_name, 0, maj_stat = gss_acquire_cred(&min_stat, session->gssapi->client_name, 0,
tmp, GSS_C_INITIATE, tmp, GSS_C_INITIATE,
&session->gssapi->client.client_creds, NULL, NULL); &session->gssapi->client_creds, NULL, NULL);
gss_release_oid_set(&min_stat, &tmp); gss_release_oid_set(&min_stat, &tmp);
if (GSS_ERROR(maj_stat)){ if (GSS_ERROR(maj_stat)){
ssh_gssapi_log_error(session,SSH_LOG_WARNING,"Error acquiring credentials",maj_stat); ssh_gssapi_log_error(session,SSH_LOG_WARNING,"Error acquiring credentials",maj_stat);
@@ -662,7 +663,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
} }
/* prepare the first TOKEN response */ /* prepare the first TOKEN response */
maj_stat = gss_init_sec_context(&min_stat, maj_stat = gss_init_sec_context(&min_stat,
session->gssapi->client.client_creds, &session->gssapi->ctx, session->gssapi->client.server_name, oid, session->gssapi->client_creds, &session->gssapi->ctx, session->gssapi->client.server_name, oid,
GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | (deleg ? GSS_C_DELEG_FLAG : 0), GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | (deleg ? GSS_C_DELEG_FLAG : 0),
0, NULL, &input_token, NULL, &output_token, NULL, NULL); 0, NULL, &input_token, NULL, &output_token, NULL, NULL);
if(GSS_ERROR(maj_stat)){ if(GSS_ERROR(maj_stat)){
@@ -746,7 +747,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
input_token.value = ssh_string_data(token); input_token.value = ssh_string_data(token);
maj_stat = gss_init_sec_context(&min_stat, maj_stat = gss_init_sec_context(&min_stat,
session->gssapi->client.client_creds, &session->gssapi->ctx, session->gssapi->client.server_name, session->gssapi->client.oid, session->gssapi->client_creds, &session->gssapi->ctx, session->gssapi->client.server_name, session->gssapi->client.oid,
GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | (deleg ? GSS_C_DELEG_FLAG : 0), GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | (deleg ? GSS_C_DELEG_FLAG : 0),
0, NULL, &input_token, NULL, &output_token, NULL, NULL); 0, NULL, &input_token, NULL, &output_token, NULL, NULL);