aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-11-15 15:59:26 -0500
committerAndreas Schneider <asn@cryptomilk.org>2013-11-17 11:43:52 +0100
commit4a3934da484df1db295b262dcdd356d6508ad8a9 (patch)
tree185990f496c36f89a9917ceaae33192338a71e7c
parent68b996bdbf82be9ff8fdcc4750ae1a58cdaf131a (diff)
downloadlibssh-4a3934da484df1db295b262dcdd356d6508ad8a9.tar.gz
libssh-4a3934da484df1db295b262dcdd356d6508ad8a9.tar.xz
libssh-4a3934da484df1db295b262dcdd356d6508ad8a9.zip
gssapi: Add support for GSSAPIDelegateCredentials config option.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/config.c10
-rw-r--r--src/gssapi.c3
2 files changed, 12 insertions, 1 deletions
diff --git a/src/config.c b/src/config.c
index ac3bca1c..850928d9 100644
--- a/src/config.c
+++ b/src/config.c
@@ -48,7 +48,8 @@ enum ssh_config_opcode_e {
SOC_KNOWNHOSTS,
SOC_PROXYCOMMAND,
SOC_GSSAPISERVERIDENTITY,
- SOC_GSSAPICLIENTIDENTITY
+ SOC_GSSAPICLIENTIDENTITY,
+ SOC_GSSAPIDELEGATECREDENTIALS,
};
struct ssh_config_keyword_table_s {
@@ -71,6 +72,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "proxycommand", SOC_PROXYCOMMAND },
{ "gssapiserveridentity", SOC_GSSAPISERVERIDENTITY },
{ "gssapiserveridentity", SOC_GSSAPICLIENTIDENTITY },
+ { "gssapidelegatecredentials", SOC_GSSAPIDELEGATECREDENTIALS },
{ NULL, SOC_UNSUPPORTED }
};
@@ -339,6 +341,12 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
ssh_options_set(session, SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, p);
}
break;
+ case SOC_GSSAPIDELEGATECREDENTIALS:
+ i = ssh_config_get_yesno(&s, -1);
+ if (i >=0 && *parsing) {
+ ssh_options_set(session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, &i);
+ }
+ break;
case SOC_UNSUPPORTED:
SSH_LOG(SSH_LOG_RARE, "Unsupported option: %s, line: %d\n",
keyword, count);
diff --git a/src/gssapi.c b/src/gssapi.c
index 88815a47..e2bcce34 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -805,6 +805,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
}
session->gssapi->client.flags = GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG;
+ if (session->opts.gss_delegate_creds) {
+ session->gssapi->client.flags |= GSS_C_DELEG_FLAG;
+ }
/* prepare the first TOKEN response */
maj_stat = gss_init_sec_context(&min_stat,