#include "auth.h"
#include "ssh2.h"
-#include "ssh1.h"
#include "xmalloc.h"
#include "log.h"
#include "dispatch.h"
#include "ssh-gss.h"
extern ServerOptions options;
-unsigned char ssh1_key_digest[16];
static int
userauth_external(Authctxt *authctxt)
authctxt->methoddata=(void *)ctxt;
- if (!compat20) {
-
- packet_start(SSH_SMSG_AUTH_GSSAPI_RESPONSE);
- packet_put_string(oid.elements,oid.length);
-
- } else {
-
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
/* Return OID in same format as we received it*/
packet_put_string(doid, len);
- } /* !compat20 */
-
packet_send();
xfree(doid);
- if (!compat20)
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, &input_gssapi_token);
- else
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
authctxt->postponed = 1;
if (GSS_ERROR(maj_status)) {
ssh_gssapi_userauth_error(gssctxt);
if (send_tok.length != 0) {
- if (!compat20)
- packet_start(SSH_MSG_AUTH_GSSAPI_TOKEN);
- else
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
authctxt->postponed = 0;
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
userauth_finish(authctxt, 0, "gssapi");
} else {
if (send_tok.length != 0) {
- if (!compat20)
- packet_start(SSH_MSG_AUTH_GSSAPI_TOKEN);
- else
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
packet_put_string(send_tok.value, send_tok.length);
packet_send();
}
if (maj_status == GSS_S_COMPLETE) {
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- if (!compat20)
- input_gssapi_exchange_complete(0, 0, ctxt);
- else
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
&input_gssapi_exchange_complete);
}
xfree(recv_tok.value);
/* We can't return anything to the client, even if we wanted to */
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
gssctxt = authctxt->methoddata;
- /* ssh1 needs to exchange the hash of the keys */
- if (!compat20) {
-
- OM_uint32 min_status;
- gss_buffer_desc dummy, msg_tok;
-
- /* ssh1 wraps the keys, in the monitor */
-
- dummy.value=malloc(sizeof(ssh1_key_digest));
- memcpy(dummy.value,ssh1_key_digest,sizeof(ssh1_key_digest));
- dummy.length=sizeof(ssh1_key_digest);
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(gssctxt,&dummy,&msg_tok))))
- fatal("Couldn't wrap keys");
-
- packet_start(SSH_SMSG_AUTH_GSSAPI_HASH);
- packet_put_string((char *)msg_tok.value,msg_tok.length);
- packet_send();
- packet_write_wait();
- gss_release_buffer(&min_status,&msg_tok);
- }
-
/*
* We don't need to check the status, because the stored credentials
* which userok uses are only populated once the context init step
errstr=PRIVSEP(ssh_gssapi_last_error(ctxt,&maj,&min));
if (errstr) {
- if (!compat20) {
- packet_send_debug(errstr);
- } else {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERROR);
packet_put_int(maj);
packet_put_int(min);
packet_send();
packet_write_wait();
xfree(errstr);
- }
}
}