diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 07:43:00 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 07:43:00 +0000 |
| commit | f74e883352a52dd3ed454627dc159aa65f98d7f3 (patch) | |
| tree | ef77b7637e7135f0f61cad9ae9923215ed60066b /auth2-gss.c | |
| parent | Adding debian version 1:9.7p1-7. (diff) | |
| download | openssh-f74e883352a52dd3ed454627dc159aa65f98d7f3.tar.xz openssh-f74e883352a52dd3ed454627dc159aa65f98d7f3.zip | |
Merging upstream version 1:9.8p1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'auth2-gss.c')
| -rw-r--r-- | auth2-gss.c | 41 |
1 files changed, 15 insertions, 26 deletions
diff --git a/auth2-gss.c b/auth2-gss.c index f72a389..75eb4e3 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.34 2023/03/31 04:22:27 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.36 2024/05/17 04:42:13 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -51,6 +51,7 @@ #define SSH_GSSAPI_MAX_MECHS 2048 extern ServerOptions options; +extern struct authmethod_cfg methodcfg_gssapi; static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh); static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); @@ -116,7 +117,7 @@ userauth_gssapi(struct ssh *ssh, const char *method) return (0); } - if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { + if (GSS_ERROR(mm_ssh_gssapi_server_ctx(&ctxt, &goid))) { if (ctxt != NULL) ssh_gssapi_delete_ctx(&ctxt); free(doid); @@ -153,7 +154,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) size_t len; int r; - if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) + if (authctxt == NULL) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; @@ -163,8 +164,8 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) recv_tok.value = p; recv_tok.length = len; - maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, - &send_tok, &flags)); + maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok, + &send_tok, &flags); free(p); @@ -217,7 +218,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) u_char *p; size_t len; - if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) + if (authctxt == NULL) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; @@ -228,8 +229,8 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) recv_tok.length = len; /* Push the error token into GSSAPI to see what it says */ - maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, - &send_tok, NULL)); + maj_status = mm_ssh_gssapi_accept_ctx(gssctxt, &recv_tok, + &send_tok, NULL); free(recv_tok.value); @@ -254,9 +255,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; int r, authenticated; - const char *displayname; - if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) + if (authctxt == NULL) fatal("No authentication or GSSAPI context"); /* @@ -267,11 +267,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) if ((r = sshpkt_get_end(ssh)) != 0) fatal_fr(r, "parse packet"); - authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); - - if ((!use_privsep || mm_is_monitor()) && - (displayname = ssh_gssapi_displayname()) != NULL) - auth2_record_info(authctxt, "%s", displayname); + authenticated = mm_ssh_gssapi_userok(authctxt->user); authctxt->postponed = 0; ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); @@ -290,11 +286,10 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) int r, authenticated = 0; struct sshbuf *b; gss_buffer_desc mic, gssbuf; - const char *displayname; u_char *p; size_t len; - if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) + if (authctxt == NULL) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; @@ -312,18 +307,14 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) fatal_f("sshbuf_mutable_ptr failed"); gssbuf.length = sshbuf_len(b); - if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) - authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); + if (!GSS_ERROR(mm_ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))) + authenticated = mm_ssh_gssapi_userok(authctxt->user); else logit("GSSAPI MIC check failed"); sshbuf_free(b); free(mic.value); - if ((!use_privsep || mm_is_monitor()) && - (displayname = ssh_gssapi_displayname()) != NULL) - auth2_record_info(authctxt, "%s", displayname); - authctxt->postponed = 0; ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); @@ -334,10 +325,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) } Authmethod method_gssapi = { - "gssapi-with-mic", - NULL, + &methodcfg_gssapi, userauth_gssapi, - &options.gss_authentication }; #endif /* GSSAPI */ |