- djm@cvs.openbsd.org 2010/01/30 02:54:53

[openssh.git] / auth2-gss.c

diff --git a/auth2-gss.c b/auth2-gss.c
index 220862dc8f03c784359fc4d238761f1c35c9aec4..0e08d889cd0988b58eaf4ec37f357766e8cc2038 100644 (file)
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: auth2-gss.c,v 1.6 2003/11/17 11:06:07 markus Exp $    */
+/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -28,17 +28,22 @@
 
 #ifdef GSSAPI
 
+#include <sys/types.h>
+
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
 #include "ssh2.h"
-#include "xmalloc.h"
 #include "log.h"
 #include "dispatch.h"
+#include "buffer.h"
 #include "servconf.h"
-#include "compat.h"
 #include "packet.h"
-#include "monitor_wrap.h"
-
 #include "ssh-gss.h"
+#include "monitor_wrap.h"
 
 extern ServerOptions options;
 
@@ -49,19 +54,19 @@ static void input_gssapi_errtok(int, u_int32_t, void *);
 
 /*
  * We only support those mechanisms that we know about (ie ones that we know
- * how to check local user kuserok and the like
+ * how to check local user kuserok and the like)
  */
 static int
 userauth_gssapi(Authctxt *authctxt)
 {
-       gss_OID_desc oid = {0, NULL};
+       gss_OID_desc goid = {0, NULL};
        Gssctxt *ctxt = NULL;
        int mechs;
        gss_OID_set supported;
        int present;
        OM_uint32 ms;
        u_int len;
-       char *doid = NULL;
+       u_char *doid = NULL;
 
        if (!authctxt->valid || authctxt->user == NULL)
                return (0);
@@ -82,12 +87,11 @@ userauth_gssapi(Authctxt *authctxt)
                present = 0;
                doid = packet_get_string(&len);
 
-               if (len > 2 && 
-                  doid[0] == SSH_GSS_OIDTYPE &&
-                  doid[1] == len - 2) {
-                        oid.elements = doid + 2;
-                        oid.length   = len - 2;
-                       gss_test_oid_set_member(&ms, &oid, supported,
+               if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
+                   doid[1] == len - 2) {
+                       goid.elements = doid + 2;
+                       goid.length   = len - 2;
+                       gss_test_oid_set_member(&ms, &goid, supported,
                            &present);
                } else {
                        logit("Badly formed OID received");
@@ -101,12 +105,14 @@ userauth_gssapi(Authctxt *authctxt)
                return (0);
        }
 
-       if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) {
+       if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
+               if (ctxt != NULL)
+                       ssh_gssapi_delete_ctx(&ctxt);
                xfree(doid);
                return (0);
        }
 
-       authctxt->methoddata=(void *)ctxt;
+       authctxt->methoddata = (void *)ctxt;
 
        packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
 
@@ -255,21 +261,21 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
        Buffer b;
        gss_buffer_desc mic, gssbuf;
        u_int len;
-       
+
        if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
                fatal("No authentication or GSSAPI context");
-       
+
        gssctxt = authctxt->methoddata;
-       
+
        mic.value = packet_get_string(&len);
        mic.length = len;
-       
+
        ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
            "gssapi-with-mic");
-       
+
        gssbuf.value = buffer_ptr(&b);
        gssbuf.length = buffer_len(&b);
-       
+
        if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
                authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
        else
@@ -277,7 +283,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
 
        buffer_free(&b);
        xfree(mic.value);
-       
+
        authctxt->postponed = 0;
        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);