From 6f9f4dab1bca468a2d6fd906245c8fd0adfa658f Mon Sep 17 00:00:00 2001 From: jbasney Date: Wed, 25 Sep 2002 18:26:12 +0000 Subject: [PATCH] pass in mechanism OID to gss_display_status() so mechglue can route the call to the correct underyling mechanism library --- openssh/gss-genr.c | 33 +++++++++++++++++---------------- openssh/gss-serv.c | 7 ++++--- openssh/ssh-gss.h | 8 +++++--- 3 files changed, 26 insertions(+), 22 deletions(-) diff --git a/openssh/gss-genr.c b/openssh/gss-genr.c index 5e5dc0e..ccd6d7e 100644 --- a/openssh/gss-genr.c +++ b/openssh/gss-genr.c @@ -250,7 +250,8 @@ gss_OID ssh_gssapi_id_kex(Gssctxt *ctx, char *name) { /* All this effort to report an error ... */ static void -ssh_gssapi_error_ex(OM_uint32 major_status,OM_uint32 minor_status, +ssh_gssapi_error_ex(gss_OID mech, OM_uint32 major_status, + OM_uint32 minor_status, int send_packet) { OM_uint32 lmaj, lmin; gss_buffer_desc msg = {0,NULL}; @@ -261,7 +262,7 @@ ssh_gssapi_error_ex(OM_uint32 major_status,OM_uint32 minor_status, do { lmaj = gss_display_status(&lmin, major_status, GSS_C_GSS_CODE, - GSS_C_NULL_OID, + mech, &ctx, &msg); if (lmaj == GSS_S_COMPLETE) { debug((char *)msg.value); @@ -274,7 +275,7 @@ ssh_gssapi_error_ex(OM_uint32 major_status,OM_uint32 minor_status, do { lmaj = gss_display_status(&lmin, minor_status, GSS_C_MECH_CODE, - GSS_C_NULL_OID, + mech, &ctx, &msg); if (lmaj == GSS_S_COMPLETE) { debug((char *)msg.value); 
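Review bot: Both loops in ssh_gssapi_error_ex still call `debug((char *)msg.value);`, which hands the status text straight to a printf-style logger as its format string. With this change that text comes from whichever mechanism library `mech` selects, so any `%` in a mechanism's message would be interpreted as a conversion. A `gss_buffer_desc` also carries an explicit length and is not documented as NUL-terminated. I would change both calls (the GSS_C_GSS_CODE loop and the GSS_C_MECH_CODE loop) to `debug("%.*s", (int)msg.length, (char *)msg.value);`. The function body continues outside these hunks, so the send_packet path should be checked for the same pattern.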
@@ -285,13 +286,14 @@ ssh_gssapi_error_ex(OM_uint32 major_status,OM_uint32 minor_status, } void -ssh_gssapi_error(OM_uint32 major_status,OM_uint32 minor_status) { - ssh_gssapi_error_ex(major_status, minor_status, 0); +ssh_gssapi_error(gss_OID mech,OM_uint32 major_status,OM_uint32 minor_status) { + ssh_gssapi_error_ex(mech, major_status, minor_status, 0); } void -ssh_gssapi_send_error(OM_uint32 major_status,OM_uint32 minor_status) { - ssh_gssapi_error_ex(major_status, minor_status, 1); +ssh_gssapi_send_error(gss_OID mech, + OM_uint32 major_status,OM_uint32 minor_status) { + ssh_gssapi_error_ex(mech, major_status, minor_status, 1); } @@ -380,7 +382,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok, NULL); ctx->status=maj_status; if (GSS_ERROR(maj_status)) { - ssh_gssapi_error(maj_status,min_status); + ssh_gssapi_error(ctx->oid,maj_status,min_status); } return(maj_status); } @@ -394,7 +396,6 @@ OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags) { OM_uint32 maj_status, min_status; - gss_OID mech; maj_status=gss_accept_sec_context(&min_status, &ctx->context, @@ -402,13 +403,13 @@ OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,gss_buffer_desc *recv_tok, recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &ctx->client, - &mech, + &ctx->oid, send_tok, flags, NULL, &ctx->client_creds); if (GSS_ERROR(maj_status)) { - ssh_gssapi_send_error(maj_status,min_status); + ssh_gssapi_send_error(ctx->oid,maj_status,min_status); } if (ctx->client_creds) { @@ -469,7 +470,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) { &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) { - ssh_gssapi_error(maj_status,min_status); + ssh_gssapi_error(ctx->oid, maj_status,min_status); } xfree(xhost); 
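Review bot: In ssh_gssapi_accept_ctx the failure path now reads `ctx->oid` immediately after passing `&ctx->oid` as the mech_type output of gss_accept_sec_context(). As far as I know, GSS-API does not promise that this output is set when the call returns an error, so `ssh_gssapi_send_error(ctx->oid,maj_status,min_status);` may see whatever value the field held before. This is safe only if the context constructor sets `oid` to `GSS_C_NO_OID`, and that constructor is not visible in this hunk. A short comment above the call stating that assumption would help, for example `/* ctx->oid must be GSS_C_NO_OID or a valid OID here; mech_type may be left untouched on failure */`. The call also overwrites any OID already stored in the context, so confirm that nothing on the server side owned the previous pointer.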
@@ -506,7 +507,7 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) { &ctx->creds, NULL, NULL))) { - ssh_gssapi_error(maj_status,min_status); + ssh_gssapi_error(GSS_C_NO_OID,maj_status,min_status); } gss_release_oid_set(&min_status, &oidset); @@ -524,7 +525,7 @@ ssh_gssapi_getclient(Gssctxt *ctx, enum ssh_gss_id *type, *type=ssh_gssapi_get_ctype(ctx); if ((maj_status=gss_display_name(&min_status,ctx->client,name,NULL))) { - ssh_gssapi_error(maj_status,min_status); + ssh_gssapi_error(GSS_C_NO_OID,maj_status,min_status); } /* This is icky. There appears to be no way to copy this structure, @@ -549,13 +550,13 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer, gss_buffer_desc *hash) { buffer, NULL, hash))) - ssh_gssapi_error(maj_status,min_status); + ssh_gssapi_error(ctx->oid,maj_status,min_status); } else if ((maj_status=gss_get_mic(&min_status,ctx->context, GSS_C_QOP_DEFAULT, buffer, hash))) { - ssh_gssapi_error(maj_status,min_status); + ssh_gssapi_error(ctx->oid,maj_status,min_status); } return(maj_status); diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c index 53321ac..bb9d9d2 100644 --- a/openssh/gss-serv.c +++ b/openssh/gss-serv.c @@ -244,7 +244,8 @@ ssh_gssapi_krb5_storecreds(gss_buffer_t export_buffer) { krb5_cred_handle, ccache))) { log("gss_krb5_copy_ccache() failed"); - ssh_gssapi_error(maj_status,min_status); + ssh_gssapi_error(&supported_mechs[GSS_KERBEROS].oid, + maj_status,min_status); krb5_cc_destroy(krb_context,ccache); return GSS_S_FAILURE; } @@ -438,7 +439,7 @@ ssh_gssapi_storecreds() maj_stat = gss_export_cred(&min_stat, gssapi_client_creds, GSS_C_NO_OID, 1, &export_cred); if (GSS_ERROR(maj_stat) && maj_stat != GSS_S_UNAVAILABLE) { - ssh_gssapi_error(maj_stat, min_stat); + ssh_gssapi_error(GSS_C_NO_OID, maj_stat, min_stat); return; } #endif 
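Review bot: ssh_gssapi_getclient passes `GSS_C_NO_OID` for the gss_display_name() failure even though `ctx` is in scope and this commit makes ssh_gssapi_accept_ctx record the negotiated mechanism in `ctx->oid`. The mechanism-specific minor status will therefore still be decoded without routing information, and the logged text can be wrong or empty for a non-default mechanism. `ssh_gssapi_error(ctx->oid,maj_status,min_status);` would match the other call sites in this file. The same may apply to ssh_gssapi_acquire_cred, but whether `ctx->oid` is populated at that point cannot be seen from the hunk. The two ssh_gssapi_storecreds call sites in gss-serv.c have no context in view, so `GSS_C_NO_OID` looks unavoidable there.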
@@ -448,7 +449,7 @@ ssh_gssapi_storecreds() ssh_gssapi_export_cred(&min_stat, gssapi_client_creds, GSS_C_NO_OID, 1, &export_cred); if (GSS_ERROR(maj_stat)) { - ssh_gssapi_error(maj_stat, min_stat); + ssh_gssapi_error(GSS_C_NO_OID, maj_stat, min_stat); } } diff --git a/openssh/ssh-gss.h b/openssh/ssh-gss.h index 37d8721..31e025e 100644 --- a/openssh/ssh-gss.h +++ b/openssh/ssh-gss.h @@ -79,7 +79,7 @@ typedef struct { OM_uint32 status; /* both */ gss_ctx_id_t context; /* both */ gss_name_t name; /* both */ - gss_OID oid; /* client */ + gss_OID oid; /* both */ gss_cred_id_t creds; /* server */ gss_name_t client; /* server */ gss_cred_id_t client_creds; /* server */ @@ -110,8 +110,10 @@ OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, enum ssh_gss_id *type, gss_buffer_desc *name, gss_cred_id_t *creds); -void ssh_gssapi_error(OM_uint32 major_status,OM_uint32 minor_status); -void ssh_gssapi_send_error(OM_uint32 major_status,OM_uint32 minor_status); +void ssh_gssapi_error(gss_OID mech, + OM_uint32 major_status, OM_uint32 minor_status); +void ssh_gssapi_send_error(gss_OID mech, + OM_uint32 major_status,OM_uint32 minor_status); void ssh_gssapi_build_ctx(Gssctxt **ctx); void ssh_gssapi_delete_ctx(Gssctxt **ctx); OM_uint32 ssh_gssapi_client_ctx(Gssctxt **ctx,gss_OID oid,char *host); -- 2.45.2
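Review bot: The ssh-gss.h change relabels `gss_OID oid` from `/* client */` to `/* both */` but does not say who owns the pointer, and ownership now differs by side. On the server it is written by gss_accept_sec_context(), whose mech_type result per RFC 2744 points into static, read-only storage and must not be freed. How the client side obtains its OID is not visible here. I would extend the field comment to something like `/* both; on the server set by gss_accept_sec_context(): static storage, do not free */`, and check that ssh_gssapi_delete_ctx (not shown) does not release it. The two prototypes would also benefit from a one-line comment stating that `mech` may be `GSS_C_NO_OID` when the mechanism is unknown.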