diff options
author | Simo Sorce <simo@redhat.com> | 2013-11-15 15:59:26 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-11-15 16:53:59 -0500 |
commit | b4fc5d952439f672737e1e6bcf8a703a72aa9bcf (patch) | |
tree | 1825b03197842eab3f77dcc30f7f131c078552c8 | |
parent | 811c645f2a796f15be198ca580d1cbf01230e57d (diff) | |
download | libssh-b4fc5d952439f672737e1e6bcf8a703a72aa9bcf.tar.gz libssh-b4fc5d952439f672737e1e6bcf8a703a72aa9bcf.tar.xz libssh-b4fc5d952439f672737e1e6bcf8a703a72aa9bcf.zip |
gssapi: Add support for GSSAPIDelegateCredentials config option.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/config.c | 10 | ||||
-rw-r--r-- | src/gssapi.c | 3 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/config.c b/src/config.c index ac3bca1c..850928d9 100644 --- a/src/config.c +++ b/src/config.c @@ -48,7 +48,8 @@ enum ssh_config_opcode_e { SOC_KNOWNHOSTS, SOC_PROXYCOMMAND, SOC_GSSAPISERVERIDENTITY, - SOC_GSSAPICLIENTIDENTITY + SOC_GSSAPICLIENTIDENTITY, + SOC_GSSAPIDELEGATECREDENTIALS, }; struct ssh_config_keyword_table_s { @@ -71,6 +72,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = { { "proxycommand", SOC_PROXYCOMMAND }, { "gssapiserveridentity", SOC_GSSAPISERVERIDENTITY }, { "gssapiserveridentity", SOC_GSSAPICLIENTIDENTITY }, + { "gssapidelegatecredentials", SOC_GSSAPIDELEGATECREDENTIALS }, { NULL, SOC_UNSUPPORTED } }; @@ -339,6 +341,12 @@ static int ssh_config_parse_line(ssh_session session, const char *line, ssh_options_set(session, SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, p); } break; + case SOC_GSSAPIDELEGATECREDENTIALS: + i = ssh_config_get_yesno(&s, -1); + if (i >=0 && *parsing) { + ssh_options_set(session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, &i); + } + break; case SOC_UNSUPPORTED: SSH_LOG(SSH_LOG_RARE, "Unsupported option: %s, line: %d\n", keyword, count); diff --git a/src/gssapi.c b/src/gssapi.c index 88815a47..e2bcce34 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -805,6 +805,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ } session->gssapi->client.flags = GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG; + if (session->opts.gss_delegate_creds) { + session->gssapi->client.flags |= GSS_C_DELEG_FLAG; + } /* prepare the first TOKEN response */ maj_stat = gss_init_sec_context(&min_stat, |