author | Andreas Schneider <asn@cryptomilk.org> | 2016-10-06 18:14:36 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2016-10-06 19:39:01 +0200 |
commit | d63547b18af21ae89e46bb065d4fb8496ddd01e3 (patch) | |
tree | 15c86b3267ded2b4c37cfcc4d5c7d08a03b67a3b | |
parent | 6697f85b5053e36a880f725ea87d1fbba5ee0563 (diff) | |
gssapi: Print minor stat in error logging function
This also releases the memory allocated for the messages.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 095733ed9cb96639dfcfa7b5e4f67ed57cec7a88)
-rw-r--r-- | src/gssapi.c | 108 |
1 files changed, 91 insertions, 17 deletions
diff --git a/src/gssapi.c b/src/gssapi.c
index 099294ee..b8107b09 100644
--- a/src/gssapi.c
+++ b/src/gssapi.c
@@ -129,11 +129,53 @@ static int ssh_gssapi_send_response(ssh_session session, ssh_string oid){
 #endif /* WITH_SERVER */
-static void ssh_gssapi_log_error(int verb, const char *msg, int maj_stat){
- gss_buffer_desc buffer;
- OM_uint32 dummy, message_context;
- gss_display_status(&dummy,maj_stat,GSS_C_GSS_CODE, GSS_C_NO_OID, &message_context, &buffer);
- SSH_LOG(verb, "GSSAPI(%s): %s", msg, (const char *)buffer.value);
+static void ssh_gssapi_log_error(int verb,
+ const char *msg,
+ int maj_stat,
+ int min_stat)
+{
+ gss_buffer_desc msg_maj = {
+ .length = 0,
+ };
+ gss_buffer_desc msg_min = {
+ .length = 0,
+ };
+ OM_uint32 dummy_maj, dummy_min;
+ OM_uint32 message_context = 0;
+
+ dummy_maj = gss_display_status(&dummy_min,
+ maj_stat,
+ GSS_C_GSS_CODE,
+ GSS_C_NO_OID,
+ &message_context,
+ &msg_maj);
+ if (dummy_maj != 0) {
+ goto out;
+ }
+
+ dummy_maj = gss_display_status(&dummy_min,
+ min_stat,
+ GSS_C_MECH_CODE,
+ GSS_C_NO_OID,
+ &message_context,
+ &msg_min);
+ if (dummy_maj != 0) {
+ goto out;
+ }
+
+ SSH_LOG(verb,
+ "GSSAPI(%s): %s - %s",
+ msg,
+ (const char *)msg_maj.value,
+ (const char *)msg_min.value);
+
+out:
+ if (msg_maj.value) {
+ dummy_maj = gss_release_buffer(&dummy_min, &msg_maj);
+ }
+ if (msg_min.value) {
+ dummy_maj = gss_release_buffer(&dummy_min, &msg_min);
+ }
 }
 #ifdef WITH_SERVER
@@ -212,7 +254,10 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n
 (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &server_name);
 if (maj_stat != GSS_S_COMPLETE) {
 SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
- ssh_gssapi_log_error(SSH_LOG_WARNING, "importing name", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_WARNING,
+ "importing name",
+ maj_stat,
+ min_stat);
 return -1;
 }
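Review bot: In the rewritten ssh_gssapi_log_error(), both `goto out` paths skip SSH_LOG entirely, so when either gss_display_status() lookup fails nothing is logged at all, including the major-status text that was already retrieved; the call sites later in this patch that have no numeric SSH_LOG beside them (for example the "Gssapi error" warning after gss_accept_sec_context) then leave no record of the failure. `message_context` is an in/out cursor that is carried from the major lookup into the minor one without being reset to 0, and the `%s` conversions assume the returned buffers are NUL-terminated although gss_buffer_desc carries an explicit length. I would fall back to the numeric codes when a lookup fails, reset the cursor before the second call, and print with `%.*s`, as in the excerpt below.

```c
    /* … unchanged: declarations and the major-status gss_display_status() call … */
    if (dummy_maj != 0) {
        /* No text available: keep the numeric codes so the failure is still recorded. */
        SSH_LOG(verb, "GSSAPI(%s): major status %d, minor status %d",
                msg, maj_stat, min_stat);
        goto out;
    }

    /* message_context is an in/out cursor; restart it for the minor code. */
    message_context = 0;
    /* … unchanged: the minor-status gss_display_status() call … */
    if (dummy_maj != 0) {
        SSH_LOG(verb, "GSSAPI(%s): %.*s - minor status %d",
                msg, (int)msg_maj.length, (const char *)msg_maj.value, min_stat);
        goto out;
    }

    SSH_LOG(verb,
            "GSSAPI(%s): %.*s - %.*s",
            msg,
            (int)msg_maj.length, (const char *)msg_maj.value,
            (int)msg_min.length, (const char *)msg_min.value);
    /* … unchanged: out: label and gss_release_buffer() calls … */
```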
@@ -224,7 +269,10 @@ int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n
 if (maj_stat != GSS_S_COMPLETE) {
 SSH_LOG(SSH_LOG_WARNING, "error acquiring credentials %d, %d", maj_stat, min_stat);
- ssh_gssapi_log_error(SSH_LOG_WARNING, "acquiring creds", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_WARNING,
+ "acquiring creds",
+ maj_stat,
+ min_stat);
 ssh_auth_reply_default(session,0);
 return SSH_ERROR;
 }
@@ -266,7 +314,10 @@ static char *ssh_gssapi_name_to_char(gss_name_t name){
 OM_uint32 maj_stat, min_stat;
 char *ptr;
 maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
- ssh_gssapi_log_error(SSH_LOG_WARNING, "converting name", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_WARNING,
+ "converting name",
+ maj_stat,
+ min_stat);
 ptr=malloc(buffer.length + 1);
 memcpy(ptr, buffer.value, buffer.length);
 ptr[buffer.length] = '\0';
@@ -335,14 +386,20 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
 maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds, &input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags, NULL /*time*/, &session->gssapi->client_creds);
- ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "accepting token", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+ "accepting token",
+ maj_stat,
+ min_stat);
 ssh_string_free(token);
 if (client_name != GSS_C_NO_NAME){
 session->gssapi->client_name = client_name;
 session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name);
 }
 if (GSS_ERROR(maj_stat)){
- ssh_gssapi_log_error(SSH_LOG_WARNING, "Gssapi error", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_WARNING,
+ "Gssapi error",
+ maj_stat,
+ min_stat);
 ssh_auth_reply_default(session,0);
 ssh_gssapi_free(session);
 session->gssapi=NULL;
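Review bot: In ssh_gssapi_name_to_char() the gss_display_name() status is now logged with both codes but still not acted on: the following lines call `malloc(buffer.length + 1)` and `memcpy(ptr, buffer.value, buffer.length)` whatever maj_stat was, and `ptr` is written through without a NULL check. Because the logging call is unconditional, it also emits an SSH_LOG_WARNING line on every successful conversion. I would log and bail out only on failure, `if (GSS_ERROR(maj_stat)) { ssh_gssapi_log_error(SSH_LOG_WARNING, "converting name", maj_stat, min_stat); return NULL; }`, and add `if (ptr == NULL) return NULL;` after the malloc. The declaration and release of `buffer`, and whether callers such as the `canonic_user` assignment tolerate a NULL return, lie outside this hunk and need checking.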
@@ -439,8 +496,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
 mic_token_buf.value = ssh_string_data(mic_token);
 maj_stat = gss_verify_mic(&min_stat, session->gssapi->ctx, &mic_buf, &mic_token_buf, NULL);
- ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "verifying MIC", maj_stat);
- ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "verifying MIC (min stat)", min_stat);
+ ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+ "verifying MIC",
+ maj_stat,
+ min_stat);
 if (maj_stat == GSS_S_DEFECTIVE_TOKEN || GSS_ERROR(maj_stat)) {
 goto error;
 }
@@ -653,7 +712,10 @@ int ssh_gssapi_auth_mic(ssh_session session){
 &session->gssapi->client.server_name);
 if (maj_stat != GSS_S_COMPLETE) {
 SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
- ssh_gssapi_log_error(SSH_LOG_WARNING, "importing name", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_WARNING,
+ "importing name",
+ maj_stat,
+ min_stat);
 return SSH_PACKET_USED;
 }
@@ -759,7 +821,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
 0, NULL, &input_token, NULL, &output_token, NULL, NULL);
 if(GSS_ERROR(maj_stat)){
- ssh_gssapi_log_error(SSH_LOG_WARNING, "Initializing gssapi context", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_WARNING,
+ "Initializing gssapi context",
+ maj_stat,
+ min_stat);
 return SSH_PACKET_USED;
 }
 if (output_token.length != 0){
@@ -797,7 +862,10 @@ static int ssh_gssapi_send_mic(ssh_session session){
 maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, &mic_buf, &mic_token_buf);
 if (GSS_ERROR(maj_stat)){
 ssh_buffer_free(mic_buffer);
- ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "generating MIC", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+ "generating MIC",
+ maj_stat,
+ min_stat);
 return SSH_ERROR;
 }
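Review bot: In ssh_packet_userauth_gssapi_mic the gss_verify_mic() result is logged at SSH_LOG_PROTOCOL and ahead of the status check, so a rejected MIC is recorded at the same verbosity as an accepted one, while the gss_accept_sec_context failure in the token_server hunk is reported at SSH_LOG_WARNING. A failed MIC check is an authentication failure, and deployments that do not run at protocol verbosity would presumably not see it. I would add `ssh_gssapi_log_error(SSH_LOG_WARNING, "verifying MIC", maj_stat, min_stat);` inside the `if (maj_stat == GSS_S_DEFECTIVE_TOKEN || GSS_ERROR(maj_stat))` branch, ahead of `goto error;`. The callback body starts and ends outside this hunk.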
@@ -848,10 +916,16 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
 0, NULL, &input_token, NULL, &output_token, NULL, NULL);
- ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "accepting token", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+ "accepting token",
+ maj_stat,
+ min_stat);
 ssh_string_free(token);
 if (GSS_ERROR(maj_stat)){
- ssh_gssapi_log_error(SSH_LOG_PROTOCOL, "Gssapi error", maj_stat);
+ ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+ "Gssapi error",
+ maj_stat,
+ min_stat);
 ssh_gssapi_free(session);
 session->gssapi=NULL;
 return SSH_PACKET_USED; |