if (datafellows & SSH_OLD_GSSAPI) return NULL;
- gss_indicate_mechs(&min_status, &supported);
+ PRIVSEP(gss_indicate_mechs(&min_status, &supported));
buffer_init(&buf);
gss_OID_set supported;
gss_create_empty_oid_set(&min_status,oidset);
- gss_indicate_mechs(&min_status, &supported);
+ PRIVSEP(gss_indicate_mechs(&min_status, &supported));
while (supported_mechs[i].name!=NULL) {
if ((maj_status=gss_test_oid_set_member(&min_status,
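Review bot: The major status of `PRIVSEP(gss_indicate_mechs(&min_status, &supported));` is discarded here and in the identical call in the preceding hunk, so the loop that follows walks `supported` whether or not the call succeeded. The wrapper this commit adds (`mm_gss_indicate_mechs`) also never writes `*minor_status`, so `min_status` carries nothing useful after the call. I would capture the result and return early on failure, e.g. `maj_status = PRIVSEP(gss_indicate_mechs(&min_status, &supported)); if (GSS_ERROR(maj_status)) ...`, adapted to each function's return type. Both enclosing functions start and end outside their hunks.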
ctx = 0;
/* The GSSAPI error */
do {
- lmaj = gss_display_status(&lmin, major_status,
- GSS_C_GSS_CODE,
- mech,
- &ctx, &msg);
+ lmaj = PRIVSEP(gss_display_status(&lmin, major_status,
+ GSS_C_GSS_CODE,
+ mech,
+ &ctx, &msg));
if (lmaj == GSS_S_COMPLETE) {
debug((char *)msg.value);
if (send_packet) packet_send_debug((char *)msg.value);
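Review bot: `debug((char *)msg.value)` and `packet_send_debug((char *)msg.value)` pass the status text as the format string, so any `%` in a status message is interpreted as a conversion. These are unchanged context lines, and the same pattern appears in the mechanism-specific loop in the next hunk. After this change the text arrives over the monitor channel rather than straight from the library, which makes it worth fixing now. Use `debug("%s", (char *)msg.value);` and `packet_send_debug("%s", (char *)msg.value);` in both loops. Separately, `msg.value` is now allocated by the wrapper's `buffer_get_string`, so whatever releases it after this hunk should match that allocator; the release is not visible here, so this needs confirming.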
/* The mechanism specific error */
do {
- lmaj = gss_display_status(&lmin, minor_status,
- GSS_C_MECH_CODE,
- mech,
- &ctx, &msg);
+ lmaj = PRIVSEP(gss_display_status(&lmin, minor_status,
+ GSS_C_MECH_CODE,
+ mech,
+ &ctx, &msg));
if (lmaj == GSS_S_COMPLETE) {
debug((char *)msg.value);
if (send_packet) packet_send_debug((char *)msg.value);
void
ssh_gssapi_delete_ctx(Gssctxt **ctx)
{
+#if !defined(MECHGLUE)
OM_uint32 ms;
+#endif
/* Return if there's no context */
if ((*ctx)==NULL)
&ctx->creds,
NULL,
NULL))) {
- ssh_gssapi_error(GSS_C_NO_OID,maj_status,min_status);
+ ssh_gssapi_error(ctx->oid,maj_status,min_status);
}
gss_release_oid_set(&min_status, &oidset);
*type=ssh_gssapi_get_ctype(ctx);
if ((maj_status=gss_display_name(&min_status,ctx->client,name,NULL))) {
- ssh_gssapi_error(GSS_C_NO_OID,maj_status,min_status);
+ ssh_gssapi_error(ctx->oid,maj_status,min_status);
}
/* This is icky. There appears to be no way to copy this structure,
int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_localname(int, Buffer *);
int mm_answer_gss_sign(int, Buffer *);
+int mm_answer_gss_indicate_mechs(int, Buffer *);
+int mm_answer_gss_display_status(int, Buffer *);
#endif
#ifdef GSI
{MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
+ {MONITOR_REQ_GSSMECHS, MON_ISAUTH, mm_answer_gss_indicate_mechs},
+ {MONITOR_REQ_GSSSTAT, MON_ISAUTH, mm_answer_gss_display_status},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSLOCALNAME, MON_AUTH, mm_answer_gss_localname},
#endif
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
{MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
+ {MONITOR_REQ_GSSMECHS, 0, mm_answer_gss_indicate_mechs},
+ {MONITOR_REQ_GSSSTAT, 0, mm_answer_gss_display_status},
#endif
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
{MONITOR_REQ_SIGN, 0, mm_answer_sign},
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+ {MONITOR_REQ_GSSMECHS, MON_ISAUTH, mm_answer_gss_indicate_mechs},
+ {MONITOR_REQ_GSSSTAT, MON_ISAUTH, mm_answer_gss_display_status},
#endif
#ifdef GSI
{MONITOR_REQ_GSIGRIDMAP, MON_PERMIT, mm_answer_gsi_gridmap},
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
{MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
+ {MONITOR_REQ_GSSMECHS, 0, mm_answer_gss_indicate_mechs},
+ {MONITOR_REQ_GSSSTAT, 0, mm_answer_gss_display_status},
#endif
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
#endif
} else {
mon_dispatch = mon_dispatch_proto15;
monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
#ifdef GSSAPI
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
#endif
#ifdef GSI
monitor_permit(mon_dispatch, MONITOR_REQ_GSIGRIDMAP, 1);
mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
}
+#ifdef GSSAPI
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
+#endif
if (!no_pty_flag) {
monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
return(0);
}
+int
+mm_answer_gss_indicate_mechs(int socket, Buffer *m) {
+ OM_uint32 major,minor;
+ gss_OID_set mech_set;
+ int i;
+
+ major=gss_indicate_mechs(&minor, &mech_set);
+
+ buffer_clear(m);
+ buffer_put_int(m, major);
+ buffer_put_int(m, mech_set->count);
+ for (i=0; i < mech_set->count; i++) {
+ buffer_put_string(m, mech_set->elements[i].elements,
+ mech_set->elements[i].length);
+ }
+
+ mm_request_send(socket,MONITOR_ANS_GSSMECHS,m);
+
+ return(0);
+}
+
+int
+mm_answer_gss_display_status(int socket, Buffer *m) {
+ OM_uint32 major,minor,status_value,message_context;
+ int status_type;
+ gss_OID_desc mech_type_desc;
+ gss_OID mech_type;
+ gss_buffer_desc status_string;
+ u_int length;
+
+ status_value = buffer_get_int(m);
+ status_type = buffer_get_int(m);
+ mech_type_desc.elements = buffer_get_string(m, &length);
+ mech_type_desc.length = length;
+ if (length != 0) {
+ mech_type = &mech_type_desc;
+ } else if (gsscontext) {
+ mech_type = gsscontext->oid;
+ } else {
+ mech_type = GSS_C_NO_OID;
+ }
+ message_context = buffer_get_int(m);
+
+ major=gss_display_status(&minor, status_value, status_type, mech_type,
+ &message_context, &status_string);
+
+ buffer_clear(m);
+ buffer_put_int(m, message_context);
+ buffer_put_string(m, status_string.value, status_string.length);
+
+ mm_request_send(socket,MONITOR_ANS_GSSSTAT,m);
+
+ if (mech_type_desc.elements) {
+ xfree(mech_type_desc.elements);
+ }
+
+ return 0;
+}
+
#endif /* GSSAPI */
#ifdef GSI
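Review bot: Both new handlers use the GSSAPI outputs without looking at `major`: `mm_answer_gss_indicate_mechs` dereferences `mech_set->count`, and `mm_answer_gss_display_status` sends `status_string.value`/`.length`, which are uninitialised if the call fails. This runs in the privileged monitor on a status value, status type and OID chosen by the unprivileged child. Neither handler releases what the library allocated (`mech_set`, `status_string`), and the dispatch entries carry no `MON_ONCE`, so each repeated request leaks in the monitor. The display-status answer also omits `major`, which the wrapper needs to return; adding it, as sketched below, needs the matching read in `mm_gss_display_status`.

```c
int
mm_answer_gss_indicate_mechs(int socket, Buffer *m) {
	OM_uint32 major, minor;
	gss_OID_set mech_set = GSS_C_NO_OID_SET;
	size_t i, count;

	major = gss_indicate_mechs(&minor, &mech_set);
	/* Only trust the set when the call succeeded. */
	count = (GSS_ERROR(major) || mech_set == GSS_C_NO_OID_SET) ?
	    0 : mech_set->count;

	buffer_clear(m);
	buffer_put_int(m, major);
	buffer_put_int(m, count);
	for (i = 0; i < count; i++) {
		buffer_put_string(m, mech_set->elements[i].elements,
		    mech_set->elements[i].length);
	}
	if (mech_set != GSS_C_NO_OID_SET)
		gss_release_oid_set(&minor, &mech_set);
	/* … unchanged: mm_request_send, return … */

/* in mm_answer_gss_display_status */
	gss_buffer_desc status_string = GSS_C_EMPTY_BUFFER;
	/* … unchanged: request parsing and mech_type selection … */
	major = gss_display_status(&minor, status_value, status_type, mech_type,
	    &message_context, &status_string);

	buffer_clear(m);
	buffer_put_int(m, major);	/* wrapper must read this first */
	buffer_put_int(m, message_context);
	if (GSS_ERROR(major))
		buffer_put_string(m, "", 0);
	else
		buffer_put_string(m, status_string.value, status_string.length);
	gss_release_buffer(&minor, &status_string);
	/* … unchanged: mm_request_send, xfree of the OID, return … */
```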
return(major);
}
+
+OM_uint32
+mm_gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
+{
+ Buffer m;
+ OM_uint32 major;
+ int i=0;
+
+ buffer_init(&m);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSMECHS, &m);
+
+ debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSMECHS,
+ &m);
+ major=buffer_get_int(&m);
+ *mech_set = xmalloc(sizeof(gss_OID_set_desc));
+ (*mech_set)->count=buffer_get_int(&m);
+ (*mech_set)->elements=xmalloc(sizeof(gss_OID_desc)*(*mech_set)->count);
+ for (i=0; i < (*mech_set)->count; i++) {
+ u_int length;
+ (*mech_set)->elements[i].elements=buffer_get_string(&m, &length);
+ (*mech_set)->elements[i].length = length;
+ }
+
+ return(major);
+}
+
+OM_uint32
+mm_gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value,
+ int status_type, const gss_OID mech_type,
+ OM_uint32 *message_context, gss_buffer_t status_string)
+{
+ Buffer m;
+ OM_uint32 major;
+
+ buffer_init(&m);
+
+ buffer_put_int(&m, status_value);
+ buffer_put_int(&m, status_type);
+ if (mech_type) {
+ buffer_put_string(&m, mech_type->elements, mech_type->length);
+ } else {
+ buffer_put_string(&m, "", 0);
+ }
+ if (message_context) {
+ buffer_put_int(&m, *message_context);
+ } else {
+ buffer_put_int(&m, 0);
+ }
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTAT, &m);
+
+ debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTAT,
+ &m);
+
+ if (message_context) {
+ *message_context = buffer_get_int(&m);
+ } else {
+ buffer_get_int(&m);
+ }
+ status_string->value = buffer_get_string(&m, &status_string->length);
+
+ return major;
+}
#endif /* GSSAPI */
#ifdef GSI
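Review bot: `mm_gss_display_status` returns `major` without ever assigning it, so the `lmaj == GSS_S_COMPLETE` tests in `ssh_gssapi_error` compare against an indeterminate value. The monitor's answer has to carry the major status and the wrapper has to read it. `buffer_get_string(&m, &status_string->length)` also passes the address of a `size_t` where the other calls in this patch pass a `u_int *`, which on LP64 leaves half of `length` unset; go through a local as `mm_gss_indicate_mechs` does. Neither wrapper frees its `Buffer m`, and the `debug3` text in `mm_gss_display_status` names `MONITOR_ANS_GSSMECHS` while waiting for `MONITOR_ANS_GSSSTAT`. In `mm_gss_indicate_mechs`, `count` is taken from the reply and fed straight into `sizeof(gss_OID_desc)*count`; a zero or very large count deserves an explicit check before the `xmalloc`.

```c
/* in mm_gss_display_status */
	Buffer m;
	OM_uint32 major, ctx;
	u_int length;
	/* … unchanged: buffer_init, request marshalling, mm_request_send … */

	debug3("%s: waiting for MONITOR_ANS_GSSSTAT", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTAT,
	    &m);

	major = buffer_get_int(&m);	/* requires the monitor to send it */
	ctx = buffer_get_int(&m);
	if (message_context)
		*message_context = ctx;
	status_string->value = buffer_get_string(&m, &length);
	status_string->length = length;
	buffer_free(&m);

	return major;
```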